Windows Analysis Report
avast_free_antivirus_setup_online.exe

Overview

General Information

Sample name: avast_free_antivirus_setup_online.exe
Analysis ID: 1557017
MD5: 3df8662a0a6e5d44dda952b703ca3415
SHA1: 53e291164837412630395b77d21ddc0b9045b522
SHA256: 15d337b503e75aadc343cfef9801ebdc16e6b255a404119ebd56c1e48e0e0179

Detection

Score: 45
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to infect the boot sector
Query firmware table information (likely to detect VMs)
Sigma detected: Execution from Suspicious Folder
Tries to delay execution (extensive OutputDebugStringW loop)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • avast_free_antivirus_setup_online.exe (PID: 6844 cmdline: "C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe" MD5: 3DF8662A0A6E5D44DDA952B703CA3415)
    • avast_free_antivirus_setup_online_x64.exe (PID: 3868 cmdline: "C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f MD5: 5602827611566F03E75534E544049184)
      • Instup.exe (PID: 4196 cmdline: "C:\Windows\Temp\asw.8b2d18aeb335a9b4\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f MD5: 3ABF9F028C72536CFAE2C019442F26AA)
        • instup.exe (PID: 6564 cmdline: "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f /online_installer MD5: 3ABF9F028C72536CFAE2C019442F26AA)
          • aswOfferTool.exe (PID: 2200 cmdline: "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" -checkGToolbar -elevated MD5: CF1F1ACB6AF4203FED502A06F4EB42B6)
          • aswOfferTool.exe (PID: 1284 cmdline: "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" /check_secure_browser MD5: CF1F1ACB6AF4203FED502A06F4EB42B6)
          • aswOfferTool.exe (PID: 4764 cmdline: "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC MD5: CF1F1ACB6AF4203FED502A06F4EB42B6)
            • aswOfferTool.exe (PID: 4748 cmdline: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC MD5: CF1F1ACB6AF4203FED502A06F4EB42B6)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine|base64offset|contains: ^r@E+*', Image: C:\Users\Public\Documents\aswOfferTool.exe, NewProcessName: C:\Users\Public\Documents\aswOfferTool.exe, OriginalFileName: C:\Users\Public\Documents\aswOfferTool.exe, ParentCommandLine: "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC, ParentImage: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe, ParentProcessId: 4764, ParentProcessName: aswOfferTool.exe, ProcessCommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, ProcessId: 4748, ProcessName: aswOfferTool.exe
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-17T04:01:23.102228+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49711 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:01:23.108550+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49712 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:01:24.411250+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49713 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:01:25.582621+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49715 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:01:26.078792+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49716 | 34.160.176.28 | 443 | TCP |
| 2024-11-17T04:01:27.076964+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49717 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:02:00.735217+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 65090 | 34.160.176.28 | 443 | TCP |
| 2024-11-17T04:02:04.905276+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 65113 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:02:06.708925+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 65125 | 34.111.24.1 | 443 | TCP |
| 2024-11-17T04:02:07.669740+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 65131 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:03:04.054341+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 65201 | 34.117.223.223 | 443 | TCP |

Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_0019B0E0 CryptDestroyHash,CryptDestroyHash,0_2_0019B0E0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00199250 CryptGenRandom,GetLastError,__CxxThrowException@8,0_2_00199250
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_001982F0 CryptDestroyHash,0_2_001982F0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00199450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,0_2_00199450
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00198DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,0_2_00198DC0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00199020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_00199020
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00198260 CryptDestroyHash,0_2_00198260
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00199340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_00199340
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_001994D0 CryptHashData,GetLastError,__CxxThrowException@8,0_2_001994D0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_001B2660 CryptReleaseContext,0_2_001B2660
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00198EF0 CryptReleaseContext,0_2_00198EF0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe; Code function: 7_2_00007FF7CEF38730 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,7_2_00007FF7CEF38730
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_c8b061be-d
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe; EXE: C:\Users\Public\Documents\aswOfferTool.exe

Compliance

Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe; EXE: C:\Users\Public\Documents\aswOfferTool.exe
Source: avast_free_antivirus_setup_online.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: avast_free_antivirus_setup_online.exe; Static PE information: certificate valid
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:65090 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:65113 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:65114 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:65125 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:65131 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:65201 version: TLS 1.2
Source: avast_free_antivirus_setup_online.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F9E5000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8D6D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465624400.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2173708205.000002149E3BA000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000000.2184613412.00007FF62E3F0000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.2465018819.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2353255075.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3341128128.00007FF7CF010000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000004.00000003.2432214054.000001B2B748F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2474529515.000001B2B7486000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2473577442.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000004.00000003.2432214054.000001B2B748F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2474529515.000001B2B7486000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 00000008.00000002.2580037608.0000000000FAF000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2175445008.000002149FD49000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2460507225.000001B2B75FB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2481658726.000001B2B7484000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F9E5000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8D6D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465624400.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000000.2147761178.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000004.00000003.2331430167.000001B2B6C88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdbG source: Instup.exe, 00000004.00000003.2463499624.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2310327846.000001B2B6C8D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb| source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000000.2147761178.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000004.00000003.2463499624.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2310327846.000001B2B6C8D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avast_free_antivirus_setup_online.exe, 00000000.00000000.2065242290.00000000001B3000.00000002.00000001.01000000.00000003.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb4 source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_001AA4B5 FindFirstFileExW,0_2_001AA4B5
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe; Code function: 7_2_00007FF7CEF887F8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,7_2_00007FF7CEF887F8
Source: global traffic; TCP traffic: 192.168.2.5:64942 -> 1.1.1.1:53
Source: Joe Sandbox View; IP Address: 34.160.176.28
Source: Joe Sandbox View; IP Address: 34.117.223.223
Source: Joe Sandbox View; JA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox View; JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49713 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49715 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49717 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49716 -> 34.160.176.28:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49711 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:65090 -> 34.160.176.28:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:65125 -> 34.111.24.1:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:65131 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:65201 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:65113 -> 34.117.223.223:443
Source: unknown; TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=76&p_pro=0&p_osv=10.0&p_cpua=x64&p_lid=en-ch&repoid=iavs9x&p_lan=8192&p_lng=en&p_vep=24&p_ves=11&p_vbd=6137&p_cnm=530978&p_hid=5bee0db5-140b-4567-a82a-8d917bd4e4de&p_bld=mmm_ava_esg_000_361_m&p_adp=0000&p_midex=1F2CCAD3812656C4930608337C4FB4A55D32CCB43B598F4F80072872839CDCD6&p_chs=5&p_chr=2&p_gccc=2&p_scr=intro&p_sbi=0&p_ram=8191&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheAccept: */*User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )Host: ipm.avcdn.net
Source: global trafficHTTP traffic detected: GET /v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%2282822f3e-5208-46e6-8e83-1f6bb8597950%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%225bee0db5-140b-4567-a82a-8d917bd4e4de%22%2C%22hwid%22%3A%221F2CCAD3812656C4930608337C4FB4A55D32CCB43B598F4F80072872839CDCD6%22%7D%2C%22product%22%3A%7B%22id%22%3A1%2C%22edition%22%3A1%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%2224.11.6137.mmm_ava_esg_000_361_m%22%2C%22build%22%3A6137%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%2282822f3e-5208-46e6-8e83-1f6bb8597950%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avast-offer_nitro-secure-browser_variant-a%22%2C%22tracking%22%3A%5B%7B%22key%22%3A%22LicenseBusinessSource%22%2C%22value%22%3A%22NotSet%22%7D%5D%2C%22brand%22%3A%22Avast%22%2C%22placement_type%22%3A%22setup%22%2C%22message_name%22%3A%22setup-avast-offer_nitro-secure-browser%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheAccept: */*User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )Host: analytics.ff.avast.com
Source: unknownHTTP traffic detected: POST /cgi-bin/iavsevents.cgi HTTP/1.1Connection: Keep-AliveContent-Type: iavs4/statsContent-MD5: CpKkUpyrs6l88iz4KdcPbQ==User-Agent: Avast SimpleHttp/3.0Content-Length: 392Host: v7event.stats.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b7210692.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs5x.u.avast.com/iavs5xcgi
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B67D1000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9x/avbugreport_x64_ais-a52.vpx
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431646233.000001B2B69B1000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352410738.000001B2B69B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9x/instcont_x64_ais-a52.vpx
Source: Instup.exe, 00000004.00000003.2463948803.000001B2B69B2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3333912802.000001B2B55D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9x/setgui_x64_ais-a52.vpx
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9xogramFolder)3
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9xogramFolder)in
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.ivps9tiny.u.avast.com/ivps9tinyJ
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B680B000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18tiny.u.avcdn.net/vps18tiny?
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitro.u.avast.com/vpsnitrou
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitrotiny.u.avast.com/vpsnitrotinya
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x-xpd4
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9xcgiy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B680B000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tinyK49
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitro)4
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2144536547.00000000051C8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F9E5000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2173708205.000002149E3BA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2175445008.000002149FD49000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2432214054.000001B2B748F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465018819.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2460507225.000001B2B75FB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8D6D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465624400.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463764538.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2474529515.000001B2B7486000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2353255075.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2478113935.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463499624.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2481658726.000001B2B7484000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2310327846.000001B2B6C8D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.2473577442.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2331430167.000001B2B6C88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F9E5000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2173708205.000002149E3BA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2175445008.000002149FD49000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2432214054.000001B2B748F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465018819.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2460507225.000001B2B75FB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8D6D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465624400.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463764538.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2474529515.000001B2B7486000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2353255075.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2478113935.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463499624.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2481658726.000001B2B7484000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2310327846.000001B2B6C8D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2473577442.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.2331430167.000001B2B6C88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.comirsBaseUrlTrackingSurvived
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F9E5000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2173708205.000002149E3BA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2175445008.000002149FD49000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2432214054.000001B2B748F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465018819.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2460507225.000001B2B75FB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8D6D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465624400.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463764538.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2474529515.000001B2B7486000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2353255075.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2478113935.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463499624.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2481658726.000001B2B7484000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2310327846.000001B2B6C8D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2473577442.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://g1928587.vpsnitro.u.avast.com/vpsnitro3(q
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://g1928587.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329358982.00000214999A3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807481973.000002149999D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoip.ava
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B698A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463899063.000001B2B6989000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305301731.000001B2B6989000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoip.avast.com/geoip/geoip.php
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B6736000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x-xpN3$
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x.cgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329358982.00000214999A3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807481973.000002149999D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avastI
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B680B000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18tiny.u.avcdn.net/vps18tinyI3;
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitro.u.avast.com/vpsnitro90K
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5C26000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitrotiny.u.avast.com/vpsnitrotinyo?
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329358982.00000214999A3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807481973.000002149999D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0982000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9xxp
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329358982.00000214999A3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807481973.000002149999D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0982000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online.exe, 00000000.00000000.2065242290.00000000001B3000.00000002.00000001.01000000.00000003.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs5x.u.avast.com/iavs5xxp
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9xcgiy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329358982.00000214999A3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807481973.000002149999D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9tiny.u.avast.com/ivps9tiny)
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x-xp=/w
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9tiny.u.avast.com/ivps9tiny/b
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329358982.00000214999A3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807481973.000002149999D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitrotiny.u.avast.com/vpsnitrotinyq
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x-xp54
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x.cgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18tiny.u.avcdn.net/vps18tinyc5
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs9x.u.avast.com/iavs9x-xpF6
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs9x.u.avast.com/iavs9x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B680B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vps18tiny.u.avcdn.net/vps18tinyL7&
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vpsnitro.u.avast.com/vpsnitrol6
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B680B000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vps18tiny.u.avcdn.net/vps18tiny1
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x-xp)-
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18tiny.u.avcdn.net/vps18tinyc
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x-xpy
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9xcgi
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x~%4
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B680B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305301731.000001B2B6989000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vps18tiny.u.avcdn.net/vps18tinyA$#
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.iavs9x.u.avast.com/iavs9x-xp
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitro.u.avast.com/vpsnitro&
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5C26000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2144536547.00000000051C8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F9E5000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2173708205.000002149E3BA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2175445008.000002149FD49000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2432214054.000001B2B748F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465018819.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2460507225.000001B2B75FB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8D6D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465624400.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463764538.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2474529515.000001B2B7486000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2353255075.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2478113935.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463499624.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2481658726.000001B2B7484000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2310327846.000001B2B6C8D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.2473577442.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2331430167.000001B2B6C88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2144536547.00000000051C8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F9E5000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2173708205.000002149E3BA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2175445008.000002149FD49000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2432214054.000001B2B748F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465018819.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2460507225.000001B2B75FB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8D6D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465624400.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463764538.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2474529515.000001B2B7486000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2353255075.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2478113935.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463499624.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2481658726.000001B2B7484000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2310327846.000001B2B6C8D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.2473577442.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2331430167.000001B2B6C88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2148986737.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3331163244.00000000051C7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749121446.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2367485378.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749427832.00000000051C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2148986737.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3331163244.00000000051C7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749121446.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2367485378.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749427832.00000000051C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/0
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2148986737.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3331163244.00000000051C7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749121446.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2367485378.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749427832.00000000051C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/A
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2148986737.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3331163244.00000000051C7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749121446.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2367485378.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749427832.00000000051C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/K
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2749315859.0000000005191000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2148986737.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3331163244.00000000051C7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749121446.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2367485378.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2366738425.0000000005191000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3330400164.0000000005191000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749427832.00000000051C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2148986737.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3331163244.00000000051C7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749121446.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2367485378.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749427832.00000000051C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect8
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/intl/%s/toolbar/ie/partnereula.htmlgtoolbar_andgtoolbar_priv_policyAvBehav_Gto
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://y8002308.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B698A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463899063.000001B2B6989000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305301731.000001B2B6989000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vps18tiny.u.avcdn.net/vps18tinyx
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9x-xpj
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9xcgi
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9xcgiy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.ivps9tiny.u.avast.com/ivps9tiny(
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs9x.u.avast.com/iavs9xi
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B680B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://z4055813.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.vps18tiny.u.avcdn.net/vps18tinyC
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://z4055813.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgicgiq
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgicgiy
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiefi9
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiic9
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiini
Source: Instup.exe, 00000004.00000002.3334074725.000001B2B5C26000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3333427014.000001B2B5576000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiiny
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiiny1
Source: Instup.exe, 00000004.00000002.3334074725.000001B2B5C26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiinyJ
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgimp
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgity
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgivastlic
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgivpx
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3335022357.000002149E2CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2183227379.00000214999E4000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2171372474.00000214999E4000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198702568.00000214999E4000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807648004.00000214999ED000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2207227468.00000214999E4000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329754302.00000214999EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/Q
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3333427014.000001B2B5576000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0982000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3339656349.000001B8E1CF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2171372474.00000214999E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi3
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiA
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198702568.00000214999E4000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3333427014.000001B2B5576000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiS
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329827656.00000214999F7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807648004.00000214999ED000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2207227468.00000214999E4000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807730382.00000214999F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiZ
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198702568.00000214999E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgih
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgii
Source: Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiy
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3335022357.000002149E2CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/h
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3335022357.000002149E2CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com/~
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2207139869.0000021499A31000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198422409.0000021499A2E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807839611.00000214999C1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3330223374.0000021499A31000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198340961.0000021499A26000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807481973.00000214999C1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2183056364.0000021499A26000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329358982.00000214999C6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2183178482.0000021499A2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7event.stats.avast.com:443/cgi-bin/iavsevents.cgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comavast_streamback_
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://win.client.cleanup.avasthttps://win.client.secureline.avasthttps://win.client.breachguard.av
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://win.client.secureline.avghttps://win.client.antivirus.avghttps://win.client.batterysaver.avg
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winqual.sb.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/%s/eula#pchttps://www.avira.com/en/license-agreement-terms-of-useeula_linkhttps:
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser/privacy/chrome_priv_policyhttps://www.google.com/intl/%s/chrom
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/%s/policies/terms/google_termslearn_moreAvBehav_Googlechrome_trygoogle_t
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A8298AE0 OpenClipboard, GlobalAlloc, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalLock, GlobalUnlock, SetClipboardData, SetClipboardData, CloseClipboard
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A8298560 OpenClipboard, GlobalAlloc, GlobalLock, GlobalUnlock, RegisterClipboardFormatW, SetClipboardData, CloseClipboard
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A80FEF00 GetAsyncKeyState, GetAsyncKeyState, GetAsyncKeyState
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Code function: 4_2_00007FF62E2FBC80 NtQueryInformationProcess
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF7CEF1BC80 GetModuleHandleW, GetProcAddress, NtQueryInformationProcess, GetCurrentProcess, NtQueryInformationProcess
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF7CEE0F8A0 CreateIoCompletionPort, CloseHandle, GetCurrentProcess, NtCreateWorkerFactory, CloseHandle, NtQueryInformationProcess, NtQuerySystemInformation, GetCurrentProcessId, CloseHandle, CloseHandle, NtQueryInformationWorkerFactory, CloseHandle, CloseHandle, _invalid_parameter_noinfo_noreturn, _invalid_parameter_noinfo_noreturn
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF7CEF2E630 NtQueryKey
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF7CEE0F3C0 GetCurrentProcess, WaitForSingleObject, NtClose, GetCurrentProcessId, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, CloseHandle
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A80F8D05 NtdllDefWindowProc_A
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A8130D50 NtdllDefWindowProc_A
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A8130DB0 NtdllDefWindowProc_W
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A80F8E20 NtdllDefWindowProc_W
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A8130E10 NtdllDefWindowProc_A
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A80F7E9A NtdllDefWindowProc_A, RtlLeaveCriticalSection
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A8130EC0 NtdllDefWindowProc_W
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A812FF20 NtdllDefWindowProc_A
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A812FF80 NtdllDefWindowProc_W
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A80FF040 GetWindowLongA, GetWindowLongA, GetWindowDC, GetSystemMetrics, GetSystemMetrics, GetWindowRect, GetSystemMetrics, GetSystemMetrics, InflateRect, CreateRectRgnIndirect, CombineRgn, OffsetRect, OffsetRect, ExcludeClipRect, InflateRect, GetClassLongPtrA, InflateRect, FillRect, NtdllDefWindowProc_A, DeleteObject, ReleaseDC
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A812F730 NtdllDefWindowProc_A
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF8A812F7E0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_0019A100: GetVersion, CreateFileW, GetLastError, DeviceIoControl, GetLastError, CloseHandle
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0ADC07_2_00007FF7CEE0ADC0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0BD607_2_00007FF7CEE0BD60
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF387307_2_00007FF7CEF38730
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0C8D07_2_00007FF7CEE0C8D0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF3A5307_2_00007FF7CEF3A530
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE076607_2_00007FF7CEE07660
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDD85007_2_00007FF7CEDD8500
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDF74707_2_00007FF7CEDF7470
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF2F2207_2_00007FF7CEF2F220
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0E1307_2_00007FF7CEE0E130
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDD10007_2_00007FF7CEDD1000
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE75FB07_2_00007FF7CEE75FB0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDE31007_2_00007FF7CEDE3100
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF9CF807_2_00007FF7CEF9CF80
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF15E207_2_00007FF7CEF15E20
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE05DD07_2_00007FF7CEE05DD0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEFB0D507_2_00007FF7CEFB0D50
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDD4EC07_2_00007FF7CEDD4EC0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDDFE307_2_00007FF7CEDDFE30
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDD6E307_2_00007FF7CEDD6E30
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEFA7C207_2_00007FF7CEFA7C20
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF9CBAC7_2_00007FF7CEF9CBAC
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDDBC507_2_00007FF7CEDDBC50
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF3AAF07_2_00007FF7CEF3AAF0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEFBC9407_2_00007FF7CEFBC940
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF5B8607_2_00007FF7CEF5B860
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEFB08A07_2_00007FF7CEFB08A0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0D7907_2_00007FF7CEE0D790
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDD47527_2_00007FF7CEDD4752
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0F8A07_2_00007FF7CEE0F8A0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEFAF7B07_2_00007FF7CEFAF7B0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDE58607_2_00007FF7CEDE5860
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF887F87_2_00007FF7CEF887F8
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE105707_2_00007FF7CEE10570
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDE36C07_2_00007FF7CEDE36C0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE056C07_2_00007FF7CEE056C0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF285707_2_00007FF7CEF28570
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEFB24987_2_00007FF7CEFB2498
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF9D3547_2_00007FF7CEF9D354
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDD54607_2_00007FF7CEDD5460
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEFB13D07_2_00007FF7CEFB13D0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF174007_2_00007FF7CEF17400
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF242807_2_00007FF7CEF24280
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEDD22F07_2_00007FF7CEDD22F0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF9F1B07_2_00007FF7CEF9F1B0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A82319107_2_00007FF8A8231910
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A80F6F8C7_2_00007FF8A80F6F8C
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81034707_2_00007FF8A8103470
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A813B9107_2_00007FF8A813B910
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A813F9507_2_00007FF8A813F950
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A812A9907_2_00007FF8A812A990
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81329D07_2_00007FF8A81329D0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A8126A707_2_00007FF8A8126A70
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A8145A807_2_00007FF8A8145A80
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83A4AF07_2_00007FF8A83A4AF0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A8151AF07_2_00007FF8A8151AF0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A810AB007_2_00007FF8A810AB00
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A8183B007_2_00007FF8A8183B00
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81B8BC07_2_00007FF8A81B8BC0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A810DC007_2_00007FF8A810DC00
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83A5C747_2_00007FF8A83A5C74
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A810DCD07_2_00007FF8A810DCD0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A8185D307_2_00007FF8A8185D30
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A812ADA07_2_00007FF8A812ADA0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A8146DB07_2_00007FF8A8146DB0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83C3E4C7_2_00007FF8A83C3E4C
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83A4EC47_2_00007FF8A83A4EC4
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A8155E807_2_00007FF8A8155E80
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83A6EA47_2_00007FF8A83A6EA4
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A82E7F6C7_2_00007FF8A82E7F6C
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A8154F707_2_00007FF8A8154F70
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A812EFA07_2_00007FF8A812EFA0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83AFFF07_2_00007FF8A83AFFF0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A82320607_2_00007FF8A8232060
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81470407_2_00007FF8A8147040
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81330507_2_00007FF8A8133050
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A813D0A07_2_00007FF8A813D0A0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81520A07_2_00007FF8A81520A0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81460D07_2_00007FF8A81460D0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81D61607_2_00007FF8A81D6160
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A82371507_2_00007FF8A8237150
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81472007_2_00007FF8A8147200
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81262107_2_00007FF8A8126210
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81302107_2_00007FF8A8130210
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83A72D87_2_00007FF8A83A72D8
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81312E07_2_00007FF8A81312E0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81402C07_2_00007FF8A81402C0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81462C07_2_00007FF8A81462C0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83CE34C7_2_00007FF8A83CE34C
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83C331C7_2_00007FF8A83C331C
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83A63907_2_00007FF8A83A6390
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A813B4907_2_00007FF8A813B490
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A819E4E07_2_00007FF8A819E4E0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83B75207_2_00007FF8A83B7520
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81455507_2_00007FF8A8145550
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A810D5907_2_00007FF8A810D590
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81255C07_2_00007FF8A81255C0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A812E6207_2_00007FF8A812E620
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A82986207_2_00007FF8A8298620
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81307207_2_00007FF8A8130720
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A812D7607_2_00007FF8A812D760
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83A471C7_2_00007FF8A83A471C
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83C37CC7_2_00007FF8A83C37CC
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A81788307_2_00007FF8A8178830
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A812C8107_2_00007FF8A812C810
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83C88207_2_00007FF8A83C8820
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A82DE8B07_2_00007FF8A82DE8B0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A80FE8907_2_00007FF8A80FE890
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A812F8907_2_00007FF8A812F890
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: 8_2_00E930808_2_00E93080
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 12_2_005D308012_2_005D3080
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: String function: 00007FF8A835F1A0 appears 33 times
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: String function: 00007FF8A835EAD0 appears 42 times
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: String function: 00007FF8A8236E60 appears 31 times
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: String function: 00007FF7CEDD5D00 appears 99 times
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: String function: 00007FF8A83A2C20 appears 37 times
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Code function: String function: 00007FF7C7A16480 appears 86 times
Source: offertool_x64_ais-a52.vpx.4.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: asw29359dd52e91b0d9.tmp.4.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: aswOfferTool.exe.10.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: avast_free_antivirus_setup_online.exe, 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamemicrostub.exe, vs avast_free_antivirus_setup_online.exe
Source: avast_free_antivirus_setup_online.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal45.evad.winEXE@14/62@91/3
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_001952F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF7CEE0F3C0 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00191930 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,GlobalFree,CoInitializeEx,CoCreateInstance,GetDC,CreateDIBSection,ReleaseDC,DeleteObject
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_001938C0 CreateFileMappingW,GetLastError,MapViewOfFile,GetLastError,FindResourceW,LoadResource,wsprintfW,GetLastError,UnmapViewOfFile,CloseHandle,SetLastError
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe File created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Mutant created: NULL
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Asw_a5e081267cf8ea74ea67b3865baf2e50
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe File created: C:\Windows\Temp\asw.bcf0ed0195a4896f
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /silent (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /cookie (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /ppi_icd (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /cust_ini (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: Enabled (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxyType (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: Port (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: User (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: Password (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: Properties (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /smbupd (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: enable (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: mirror (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: count (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: servers (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: urlpgm (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: server0 (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: http:// (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: https:// (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: allow_fallback (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: mirror (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: installer.exe (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: {versionSwitch} (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: stable (function 0_2_001952F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: %s\%s (function 0_2_001952F0)
Source: avast_free_antivirus_setup_online.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File read: C:\Windows\Temp\asw.8b2d18aeb335a9b4\aswb8b5b753e8513c87.ini
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: instup.exe String found in binary or memory: animation-start!
Source: instup.exe String found in binary or memory: <!--StartFragment-->
Source: unknown Process created: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe "C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe"
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Process created: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Process created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe "C:\Windows\Temp\asw.8b2d18aeb335a9b4\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Process created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f /online_installer
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Process created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" -checkGToolbar -elevated
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Process created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" /check_secure_browser
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Process created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Process created: C:\Users\Public\Documents\aswOfferTool.exe "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: netprofm.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: npmproxy.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: dwmapi.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: wldp.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: profapi.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: msasn1.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: uxtheme.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: windowscodecs.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: dwrite.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: textinputframework.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: coremessaging.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: wintypes.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: version.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: winhttp.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: webio.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: mswsock.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: winnsi.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: sspicli.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: schannel.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: gpapi.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: dpapi.dll
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: wininet.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: wtsapi32.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: instup.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: powrprof.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: version.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: winmm.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: userenv.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: msimg32.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: uxtheme.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: oleacc.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: msi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: netapi32.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: secur32.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: winhttp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: dwmapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: samcli.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: logoncli.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: netutils.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: sspicli.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: umpdc.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: dbghelp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: dbgcore.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: wldp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: profapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: webio.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: mswsock.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: winnsi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: schannel.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: msasn1.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: gpapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: dpapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: urlmon.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: iertutil.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: srvcli.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: textinputframework.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: coremessaging.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: wintypes.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: napinsp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: pnrpnsp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: wshbth.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: nlaapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: winrnr.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: instup.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Section loaded: wscapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Section loaded: netprofm.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Section loaded: npmproxy.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Section loaded: textshaping.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Section loaded: explorerframe.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Section loaded: wtsapi32.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Section loaded: userenv.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Section loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Section loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Section loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Section loaded: wldp.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Section loaded: ntmarta.dll
Source: C:\Users\Public\Documents\aswOfferTool.exe Section loaded: wtsapi32.dll
Source: C:\Users\Public\Documents\aswOfferTool.exe Section loaded: userenv.dll
Source: C:\Users\Public\Documents\aswOfferTool.exe Section loaded: iphlpapi.dll
Source: C:\Users\Public\Documents\aswOfferTool.exe Section loaded: cryptbase.dll
Source: C:\Users\Public\Documents\aswOfferTool.exe Section loaded: version.dll
Source: C:\Users\Public\Documents\aswOfferTool.exe Section loaded: winmm.dll
Source: C:\Users\Public\Documents\aswOfferTool.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File written: C:\Windows\Temp\asw.8b2d18aeb335a9b4\aswb8b5b753e8513c87.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: avast_free_antivirus_setup_online.exe Static PE information: certificate valid
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: avast_free_antivirus_setup_online.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F9E5000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8D6D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465624400.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2173708205.000002149E3BA000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000000.2184613412.00007FF62E3F0000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000004.00000003.2465018819.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2353255075.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3341128128.00007FF7CF010000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000004.00000003.2432214054.000001B2B748F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2474529515.000001B2B7486000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2473577442.000001B2B69C0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000004.00000003.2432214054.000001B2B748F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2474529515.000001B2B7486000.00000004.00000020.00020000.00000000.sdmp, aswOfferTool.exe, 00000008.00000002.2580037608.0000000000FAF000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2175445008.000002149FD49000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2460507225.000001B2B75FB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2481658726.000001B2B7484000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F9E5000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8D6D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2465624400.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000000.2147761178.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000004.00000003.2331430167.000001B2B6C88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdbG source: Instup.exe, 00000004.00000003.2463499624.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2310327846.000001B2B6C8D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb| source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000000.2147761178.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000004.00000003.2463499624.000001B2B7483000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2310327846.000001B2B6C8D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avast_free_antivirus_setup_online.exe, 00000000.00000000.2065242290.00000000001B3000.00000002.00000001.01000000.00000003.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb4 source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmp
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00198130 LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00198130
Source: avast_free_antivirus_setup_online.exe Static PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.dr Static PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.dr Static PE information: section name: _RDATA
Source: Instup.exe.2.dr Static PE information: section name: _RDATA
Source: HTMLayout.dll.2.dr Static PE information: section name: _RDATA
Source: aswda0f3c1b80d354c9.tmp.4.dr Static PE information: section name: _RDATA
Source: avbugreport_x64_ais-a52.vpx.4.dr Static PE information: section name: _RDATA
Source: avdump_x64_ais-a52.vpx.4.dr Static PE information: section name: .didat
Source: avdump_x64_ais-a52.vpx.4.dr Static PE information: section name: _RDATA
Source: avdump_x86_ais-a52.vpx.4.dr Static PE information: section name: .didat
Source: instcont_x64_ais-a52.vpx.4.dr Static PE information: section name: _RDATA
Source: setgui_x64_ais-a52.vpx.4.dr Static PE information: section name: _RDATA
Source: asw9f9da7bf89ba3b52.tmp.4.dr Static PE information: section name: _RDATA
Source: asw28362c53e6d8899c.tmp.4.dr Static PE information: section name: .didat
Source: asw28362c53e6d8899c.tmp.4.dr Static PE information: section name: _RDATA
Source: asw77d80baa4dd01e52.tmp.4.dr Static PE information: section name: _RDATA
Source: gcapi.dll.10.dr Static PE information: section name: .00cfg
Source: gcapi.dll.10.dr Static PE information: section name: .voltbl
Source: gcapi.dll.10.dr Static PE information: section name: malloc_h
Source: gcapi.dll.12.dr Static PE information: section name: .00cfg
Source: gcapi.dll.12.dr Static PE information: section name: .voltbl
Source: gcapi.dll.12.dr Static PE information: section name: malloc_h
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_001A1396 push ecx; ret 0_2_001A13A9
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe Code function: 8_2_00F75F34 push ecx; ret 8_2_00F75F47
Source: C:\Users\Public\Documents\aswOfferTool.exe Code function: 12_2_006B5F34 push ecx; ret 12_2_006B5F47

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 0_2_0019A100
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\avdump_x86_ais-a52.vpx
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe File created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\HTMLayout.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\avdump_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\AvDump.exe (copy)
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\AvBugReport.exe (copy)
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.dll (copy)
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\setgui_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe (copy)
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\avbugreport_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\instup_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw29359dd52e91b0d9.tmp
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\gcapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\HTMLayout.dll (copy)
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw28362c53e6d8899c.tmp
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe File created: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\sbr.exe (copy)
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\sbr_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\offertool_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\instcont_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\uat64.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswda0f3c1b80d354c9.tmp
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw402db6b9eb385cd4.tmp
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw6a3630dd1cf48654.tmp
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw77d80baa4dd01e52.tmp
Source: C:\Users\Public\Documents\aswOfferTool.exe File created: C:\Users\Public\Documents\gcapi.dll
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe (copy)
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe File created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw9f9da7bf89ba3b52.tmp
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_001952F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,0_2_001952F0

Boot Survival

Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 0_2_0019A100
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeSection loaded: OutputDebugStringW count: 138
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeSection loaded: OutputDebugStringW count: 124
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeCode function: 4_2_00007FF62E318730 rdtsc 4_2_00007FF62E318730
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0F8A0 CreateIoCompletionPort,CloseHandle,GetCurrentProcess,NtCreateWorkerFactory,CloseHandle,NtQueryInformationProcess,NtQuerySystemInformation,GetCurrentProcessId,CloseHandle,CloseHandle,NtQueryInformationWorkerFactory,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,7_2_00007FF7CEE0F8A0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\sbr.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\sbr_x64_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\avdump_x86_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\avdump_x64_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\HTMLayout.dllJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\AvDump.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\uat64.dllJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\AvBugReport.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\setgui_x64_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\instup_x64_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\avbugreport_x64_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswda0f3c1b80d354c9.tmpJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw402db6b9eb385cd4.tmpJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw6a3630dd1cf48654.tmpJump to dropped file
Source: C:\Users\Public\Documents\aswOfferTool.exeDropped PE file which has not been started: C:\Users\Public\Documents\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\HTMLayout.dll (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw28362c53e6d8899c.tmpJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw9f9da7bf89ba3b52.tmpJump to dropped file
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeAPI coverage: 7.4 %
Source: C:\Users\Public\Documents\aswOfferTool.exeAPI coverage: 8.0 %
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe TID: 3628Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe TID: 7088Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe TID: 940Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe TID: 4124Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_001AA4B5 FindFirstFileExW,0_2_001AA4B5
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF887F8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,7_2_00007FF7CEF887F8
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_0019792C VirtualQuery,GetSystemInfo,0_2_0019792C
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3329358982.00000214999A3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2807481973.000002149999D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@_
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2148986737.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749121446.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2367485378.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3331046381.00000000051BB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW$E
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2207139869.0000021499A31000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198422409.0000021499A2E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3330223374.0000021499A31000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198340961.0000021499A26000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2183056364.0000021499A26000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2183178482.0000021499A2A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2170117039.0000021499A31000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2171038026.0000021499A31000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW{\V
Source: Instup.exe, 00000004.00000002.3333427014.000001B2B555A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW79DEFCD480A253E45BB2D793C55EA980514023C3A129548C4B314301761F118DED66748500A1D90754396126EAC66D419842EAEE2D0FCF1B253FDA34869DASWSig2A;-12,24,1
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2148986737.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749121446.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2367485378.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3331046381.00000000051BB000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2207139869.0000021499A31000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198422409.0000021499A2E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3330223374.0000021499A31000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198340961.0000021499A26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Instup.exe, 00000004.00000002.3333427014.000001B2B555A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2749356021.000000000515E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3329936760.000000000515E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx<
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE11F60 GetCurrentProcess,CheckRemoteDebuggerPresent,NdrClientCall3,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,GetCurrentProcess,FlushInstructionCache,7_2_00007FF7CEE11F60
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeCode function: 4_2_00007FF62E318730 rdtsc 4_2_00007FF62E318730
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF1AFB0 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,LdrUnlockLoaderLock,7_2_00007FF7CEF1AFB0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_001A10FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_001A10FF
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF8C910 GetLastError,IsDebuggerPresent,OutputDebugStringW,7_2_00007FF7CEF8C910
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0F8A0 CreateIoCompletionPort,CloseHandle,GetCurrentProcess,NtCreateWorkerFactory,CloseHandle,NtQueryInformationProcess,NtQuerySystemInformation,GetCurrentProcessId,CloseHandle,CloseHandle,NtQueryInformationWorkerFactory,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,7_2_00007FF7CEE0F8A0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00198130 LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00198130
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_001A7C5A mov eax, dword ptr fs:[00000030h]0_2_001A7C5A
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: 8_2_00F96942 mov ecx, dword ptr fs:[00000030h]8_2_00F96942
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: 8_2_00F9E699 mov eax, dword ptr fs:[00000030h]8_2_00F9E699
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 12_2_006D6942 mov ecx, dword ptr fs:[00000030h]12_2_006D6942
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 12_2_006DE699 mov eax, dword ptr fs:[00000030h]12_2_006DE699
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_001927B0 GetLastError,GetLastError,GetLastError,GetFileSizeEx,wsprintfW,SetFilePointerEx,SetEndOfFile,GetLastError,InterlockedExchange,GetProcessHeap,RtlAllocateHeap,WriteFile,InterlockedExchangeAdd,GetLastError,SetFilePointerEx,SetEndOfFile,GetLastError,GetProcessHeap,RtlFreeHeap,GetLastError,SetLastError,0_2_001927B0
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_001A10FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_001A10FF
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_001A1292 SetUnhandledExceptionFilter,0_2_001A1292
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_001A13AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_001A13AB
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_001A4476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_001A4476
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: 2_2_00007FF7C7AA9090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7C7AA9090
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: 2_2_00007FF7C7AB8700 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7C7AB8700
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: 2_2_00007FF7C7AA955C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7C7AA955C
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0B4A0 SetUnhandledExceptionFilter,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,7_2_00007FF7CEE0B4A0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF8BF5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF7CEF8BF5C
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF9B654 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF7CEF9B654
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEE0B6A0 GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,SetUnhandledExceptionFilter,7_2_00007FF7CEE0B6A0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83B8EA4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF8A83B8EA4
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF8A83784E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF8A83784E8
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: 8_2_00F81D41 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00F81D41
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: 8_2_00F74FBE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00F74FBE
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 12_2_006C1D41 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_006C1D41
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 12_2_006B4FBE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_006B4FBE
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeProcess created: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896fJump to behavior
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe "C:\Windows\Temp\asw.8b2d18aeb335a9b4\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896fJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeProcess created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe "C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f /online_installerJump to behavior
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe "c:\windows\temp\asw.8b2d18aeb335a9b4\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:c:\windows\temp\asw.bcf0ed0195a4896f
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeProcess created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe "c:\windows\temp\asw.8b2d18aeb335a9b4\new_180b17f9\instup.exe" /sfx /sfxstorage:c:\windows\temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /edat_dir:c:\windows\temp\asw.bcf0ed0195a4896f /online_installer
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe "c:\windows\temp\asw.8b2d18aeb335a9b4\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:c:\windows\temp\asw.bcf0ed0195a4896fJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeProcess created: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe "c:\windows\temp\asw.8b2d18aeb335a9b4\new_180b17f9\instup.exe" /sfx /sfxstorage:c:\windows\temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /edat_dir:c:\windows\temp\asw.bcf0ed0195a4896f /online_installerJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: 7_2_00007FF7CEF1B410 FreeSid,AllocateAndInitializeSid,DuplicateToken,CheckTokenMembership,CloseHandle,GetLastError,GetLastError,GetLastError,7_2_00007FF7CEF1B410
Source: avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanUSER32.DLLWorkerWGetMonitorInfoWMonitorFromWindow%s KERNEL32.DLL
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_001A153D cpuid 0_2_001A153D
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,2_2_00007FF7C7ADF5E8
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_00007FF7C7AE0024
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: EnumSystemLocalesW,2_2_00007FF7C7AD6C64
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_00007FF7C7ADFE48
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: EnumSystemLocalesW,2_2_00007FF7C7ADFA08
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: GetLocaleInfoW,2_2_00007FF7C7AD7140
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeCode function: EnumSystemLocalesW,2_2_00007FF7C7ADF938
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,7_2_00007FF8A83C2C98
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeCode function: GetLocaleInfoA,RtlLeaveCriticalSection,7_2_00007FF8A80F7E67
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: EnumSystemLocalesW,8_2_00FA30F7
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,8_2_00FA34D0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: EnumSystemLocalesW,8_2_00F9D86D
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,8_2_00FA3050
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_00FA35F9
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: EnumSystemLocalesW,8_2_00FA31DD
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: EnumSystemLocalesW,8_2_00FA3142
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,8_2_00FA36FF
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,8_2_00FA3270
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,8_2_00FA2E4F
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,8_2_00F9DE2A
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_00FA37CE
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: EnumSystemLocalesW,12_2_006DD86D
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: GetLocaleInfoW,12_2_006E3050
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: EnumSystemLocalesW,12_2_006E30F7
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: GetLocaleInfoW,12_2_006E34D0
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: EnumSystemLocalesW,12_2_006E3142
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,12_2_006E35F9
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: EnumSystemLocalesW,12_2_006E31DD
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,12_2_006E3270
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,12_2_006E2E4F
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: GetLocaleInfoW,12_2_006DDE2A
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: GetLocaleInfoW,12_2_006E36FF
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,12_2_006E37CE
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe Queries volume information: C:\Windows\Temp\asw.8b2d18aeb335a9b4\servers.def.vpx VolumeInformation
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_001941B0 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetVersionExA,GetNativeSystemInfo,wsprintfA,wsprintfA,lstrcatA,lstrlenA,0_2_001941B0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_0019A100 GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,0_2_0019A100
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF7CEE03FD0 GetFileAttributesW,__std_exception_destroy,__std_exception_destroy,__std_exception_destroy,RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,GetModuleFileNameW,GetFileAttributesW,__std_exception_destroy,__std_exception_destroy,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,7_2_00007FF7CEE03FD0
Source: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe Code function: 7_2_00007FF7CEE056C0 RemoveVectoredExceptionHandler,SetEvent,GetCurrentThreadId,RpcBindingFree,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,7_2_00007FF7CEE056C0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 2 Obfuscated Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 11 Input Capture | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 1 Windows Service | 1 DLL Side-Loading | Security Account Manager | 56 System Information Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Bootkit | 12 Process Injection | 1 DLL Search Order Hijacking | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Masquerading | LSA Secrets | 271 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 23 Virtualization/Sandbox Evasion | Cached Domain Credentials | 23 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Process Injection | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Bootkit | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph (image not reproduced). Behavior Graph ID: 1557017; Sample: avast_free_antivirus_setup_...; Startdate: 17/11/2024; Architecture: WINDOWS; Score: 45]

Source | Detection | Scanner | Label | Link
avast_free_antivirus_setup_online.exe | 0% | ReversingLabs | |
avast_free_antivirus_setup_online.exe | 0% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
C:\Users\Public\Documents\aswOfferTool.exe | 0% | ReversingLabs | |
C:\Users\Public\Documents\gcapi.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\HTMLayout.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\AvBugReport.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\AvDump.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\HTMLayout.dll (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw28362c53e6d8899c.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw29359dd52e91b0d9.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw402db6b9eb385cd4.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw6a3630dd1cf48654.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw77d80baa4dd01e52.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\asw9f9da7bf89ba3b52.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswda0f3c1b80d354c9.tmp | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\gcapi.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.dll (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\sbr.exe (copy) | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\avbugreport_x64_ais-a52.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\avdump_x64_ais-a52.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\avdump_x86_ais-a52.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\instcont_x64_ais-a52.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\instup_x64_ais-a52.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\offertool_x64_ais-a52.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\sbr_x64_ais-a52.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\setgui_x64_ais-a52.vpx | 0% | ReversingLabs | |
C:\Windows\Temp\asw.8b2d18aeb335a9b4\uat64.dll | 0% | ReversingLabs | |
C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
b8003600.vps18tiny.u.avcdn.net | 0% | Virustotal | | Browse
j0294597.vps18tiny.u.avcdn.net | 0% | Virustotal | | Browse
z4055813.vps18tiny.u.avcdn.net | 0% | Virustotal | | Browse
iavs9x.u.avcdn.net | 0% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://m0658849.vps18tiny.u.avcdn.net/vps18tinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.google.com/chrome/browser/privacy/chrome_priv_policyhttps://www.google.com/intl/%s/chromavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://s1843811.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://iavs9x.u.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exeavast_free_antivirus_setup_online.exe, 00000000.00000003.2366738425.000000000517A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3330400164.000000000517A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749315859.000000000517A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://n8283613.iavs9x.u.avast.com/iavs9xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://sm00.avast.com/cgi-bin/iavsup2.cgi8tinyIInstup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://honzik.avcdn.net/setup/avast-av/release/avast_one_essential_online_setup.exeInstup.exe, 00000004.00000002.3332227075.000001B2B3A98000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://s1843811.iavs9x.u.avast.com/iavs9xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://j0294597.iavs5x.u.avast.com/iavs5xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgi1Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://l2983942.iavs9x.u.avast.com/iavs9x8tinyvInstup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://w5805295.iavs5x.u.avast.com/iavs5xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://winqual.sb.avast.comavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2462267492.000001B2B7482000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2285632099.000001B2B6E6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://n4291289.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://y9830512.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://w5805295.vpsnitro.u.avast.com/vpsnitro&Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgi)Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://csw.client.privax.comhttps://win.client.cleanup.avirahttps://win.client.secureline.avirahttpavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://n2833777.ivps9tiny.u.avast.com/ivps9tinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiW?5Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0avast_free_antivirus_setup_online.exe, 00000000.00000003.2148986737.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3331163244.00000000051C7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749121446.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2366738425.000000000517A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2367485378.00000000051B9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3330400164.000000000517A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749315859.000000000517A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2749427832.00000000051C6000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2207139869.0000021499A31000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198422409.0000021499A2E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3330223374.0000021499A31000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2198340961.0000021499A26000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2183056364.0000021499A26000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2170862829.0000021499A37000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 
00000002.00000003.2183178482.0000021499A2A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2170117039.0000021499A31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://submit5.avast.com/cgi-bin/submit50.cgiyInstup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://w5805295.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgiAInstup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://d3176133.vps18tiny.u.avcdn.net/vps18tinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://c3978047.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://p9854759.vpsnitrotiny.u.avast.com/vpsnitrotinyYInstup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://s1843811.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://pair.ff.avast.comavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B6716000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://n8283613.iavs5x.u.avast.com/iavs5xavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://r4427608.vps18tiny.u.avcdn.net/vps18tinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://y8002308.vps18.u.avcdn.net/vps18avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B698A000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463899063.000001B2B6989000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305301731.000001B2B6989000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://outside-scanner.ff.avast.com/v2/inspectionol.exeInstup.exe, 00000004.00000002.3334074725.000001B2B5C26000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                                                    unknown
                                                                                                                    https://analytics-stage.avcdn.net/v4/receive/json/%dhttps://analytics.avcdn.net/v4/receive/json/%dSeavast_free_antivirus_setup_online_x64.exe, 00000002.00000000.2147761178.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://submit5.avast.com/cgi-bin/submit50.cgiInstup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B675D000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09F1000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://h4305360.vpsnitrotiny.u.avast.com/vpsnitrotinyo?Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://r9319236.ivps9tiny.u.avast.com/ivps9tinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://w5805295.vps18tiny.u.avcdn.net/vps18tinyq#3Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://f3461309.vpsnitro.u.avast.com/vpsnitroavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi;wavast_free_antivirus_setup_online.exe, 00000000.00000002.3329589709.0000000005157000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://analytics.avcdn.net/v4/receive/json/%davast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2182170992.000002149F17E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000000.2147761178.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp, Instup.exe, 00000004.00000003.2413661101.000001B2B8506000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://n4291289.vpsnitro.u.avast.com/vpsnitroavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://n2833777.iavs9x.u.avast.com/iavs9xInstup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337128159.000001B8E0952000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://p1043812.iavs9x.u.avast.com/iavs9x.cgiInstup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://z4055813.vps18.u.avcdn.net/vps18avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B680B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://r0965026.iavs9x.u.avast.com/iavs9x8tinyInstup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://h4444966.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3337555106.000001B2B693F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2329787980.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5A50000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2463832657.000001B2B6948000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2305192739.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2431594062.000001B2B6946000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2352364651.000001B2B6946000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                http://w5805295.vps18.u.avcdn.net/vps18avast_free_antivirus_setup_online_x64.exe, 00000002.00000003.2158539818.000002149E260000.00000004.00000800.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3336534498.000001B2B680B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3334074725.000001B2B5B9C000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3337278729.000001B8E09AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  • No. of IPs < 25%
                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                  • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 34.111.24.1 | ipm-gcp-prod.ff.avast.com | United States | 15169 | GOOGLEUS | false |
| 34.160.176.28 | shepherd-gcp.ff.avast.com | United States | 2686 | ATGS-MMD-ASUS | false |
| 34.117.223.223 | analytics-prod-gcp.ff.avast.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                  Analysis ID:1557017
                                                                                                                                  Start date and time:2024-11-17 04:00:19 +01:00
                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                  Overall analysis duration:0h 10m 46s
                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                  Report type:full
                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                  Number of analysed new started processes analysed:13
                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                  Technologies:
                                                                                                                                  • HCA enabled
                                                                                                                                  • EGA enabled
                                                                                                                                  • AMSI enabled
                                                                                                                                  Analysis Mode:default
                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                  Sample name:avast_free_antivirus_setup_online.exe
                                                                                                                                  Detection:MAL
                                                                                                                                  Classification:mal45.evad.winEXE@14/62@91/3
                                                                                                                                  EGA Information:
                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                  HCA Information:Failed
                                                                                                                                  Cookbook Comments:
                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                  • Excluded IPs from analysis (whitelisted): 216.239.34.178, 216.239.38.178, 216.239.36.178, 216.239.32.178, 2.20.245.135, 2.20.245.134, 2.19.198.50, 23.32.238.160, 96.16.122.45, 96.16.122.51, 23.212.89.10, 2.20.93.64, 23.32.238.162, 23.32.238.89, 172.217.18.8, 23.212.88.245
                                                                                                                                  • Excluded domains from analysis (whitelisted): u4.avcdn.net.edgesuite.net, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, e9229.dscd.akamaiedge.net, www-alv.google-analytics.com, ctldl.windowsupdate.com, a117.dscd.akamai.net, iavs9x4.u.avcdn.net.edgesuite.net, e13223.dscd.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, a27.dscd.akamai.net, ssl.google-analytics.com, fallbackupdates.avcdn.net.edgekey.net, ocsp.digicert.com, ipmcdn.avast.com.edgekey.net, www.google-analytics.com
                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 22:01:19 | API Interceptor | 2x Sleep call for process: avast_free_antivirus_setup_online.exe modified |
| 22:01:22 | API Interceptor | 289x Sleep call for process: avast_free_antivirus_setup_online_x64.exe modified |
| 22:01:25 | API Interceptor | 1x Sleep call for process: Instup.exe modified |
| 22:02:00 | API Interceptor | 3x Sleep call for process: instup.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 34.117.223.223 | Team Fortress 2 Brotherhood Of Arms_aez-LU1.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.117.223.223 | Team Fortress 2 Brotherhood Of Arms_aez-LU1.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.117.223.223 | SecuriteInfo.com.Riskware.OfferCore.5002.4698.exe | malicious | PrivateLoader | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.117.223.223 | Microstub.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.117.223.223 | Microstub.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.117.223.223 | ccsetup621.zip | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.117.223.223 | https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.117.223.223 | _.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.117.223.223 | _.exe | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.117.223.223 | MDE_File_Sample_c7da8e8d530606f98d3014dbf9ce345b0d07dd48.zip | malicious | Unknown | v7event.stats.avast.com/cgi-bin/iavsevents.cgi |
| 34.160.176.28 | https://www.ccleaner.com/ | malicious | Unknown | |
| 34.160.176.28 | https://download.ccleaner.com/portable/ccsetup629.zip | malicious | Unknown | |
| 34.160.176.28 | https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail | malicious | Unknown | |
| 34.160.176.28 | SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe | malicious | Unknown | |
| 34.160.176.28 | SecuriteInfo.com.Win32.Trojan.Agent.1MWNV4.31044.30727.exe | malicious | Unknown | |
| 34.160.176.28 | SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | malicious | Unknown | |
| 34.160.176.28 | SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | malicious | Unknown | |
| 34.160.176.28 | SecuriteInfo.com.Trojan.Siggen29.7508.16428.4641.exe | malicious | Unknown | |
| 34.160.176.28 | Team Fortress 2 Brotherhood Of Arms_aez-LU1.exe | malicious | Unknown | |
| 34.160.176.28 | Team Fortress 2 Brotherhood Of Arms_aez-LU1.exe | malicious | Unknown | |
                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      shepherd-gcp.ff.avast.comhttps://download.ccleaner.com/portable/ccsetup629.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmailGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      SecuriteInfo.com.Trojan.Siggen29.7508.16428.4641.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      Team Fortress 2 Brotherhood Of Arms_aez-LU1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      Team Fortress 2 Brotherhood Of Arms_aez-LU1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      SecuriteInfo.com.Riskware.OfferCore.5002.4698.exeGet hashmaliciousPrivateLoaderBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      ccsetup624.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      806aab44-6c03-4577-a3c4-83aa13dc7875.tmpGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      Microstub.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      Microstub.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      analytics-prod-gcp.ff.avast.comhttps://download.ccleaner.com/portable/ccsetup629.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmailGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      SecuriteInfo.com.Trojan.Siggen29.7508.16428.4641.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      Team Fortress 2 Brotherhood Of Arms_aez-LU1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      Team Fortress 2 Brotherhood Of Arms_aez-LU1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      SecuriteInfo.com.Riskware.OfferCore.5002.4698.exeGet hashmaliciousPrivateLoaderBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      94.exeGet hashmaliciousUrsnifBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f_dump.bin.exeGet hashmaliciousUrsnifBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      ccsetup624.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      806aab44-6c03-4577-a3c4-83aa13dc7875.tmpGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.117.188.166
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.117.188.166
                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                      • 34.117.188.166
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.117.188.166
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.117.188.166
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.117.188.166
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.117.188.166
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.117.188.166
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.117.188.166
                                                                                                                                                      file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                      • 34.116.198.130
                                                                                                                                                      ATGS-MMD-ASUSfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.160.144.191
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.160.144.191
                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                      • 34.160.144.191
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.160.144.191
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.160.144.191
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.160.144.191
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.160.144.191
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.160.144.191
                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                      • 34.160.144.191
                                                                                                                                                      https://www.hopp.bio/granovitasauGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.49.229.81
                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      74954a0c86284d0d6e1c4efefe92b521file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      file.exeGet hashmaliciousCStealerBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      https://storage.googleapis.com/windows_bucket1/turbo/download/TurboVPN_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      #U2749VER CUENTA#U2749_#U2464#U2466#U2460#U2462#U2463#U2460#U2466#U2462.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      6725c86d7fc7b.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      26HY8aPgae.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      26HY8aPgae.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      upb.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      6724f91d7b548.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      file.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Stealc, VidarBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                      • 34.117.223.223
                                                                                                                                                      • 34.111.24.1
                                                                                                                                                      • 34.160.176.28
                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      C:\Users\Public\Documents\gcapi.dllSecuriteInfo.com.Trojan.Siggen29.7508.16428.4641.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        Microstub.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                          Microstub.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                              _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  _.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                    Microstub.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      Microstub.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                        ATT00001.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (498), with CRLF line terminators
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):51833
                                                                                                                                                                          Entropy (8bit):5.22912289874594
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:qvx75PVboNsHcJmyoxb6ttimWm/+h5XmoyLzItMZiOm5jiwSFyO:qx75PVEzKWnctMwYwSFyO
                                                                                                                                                                          MD5:62DE5794E8CD099E29318BA1E024F7D6
                                                                                                                                                                          SHA1:B002EFC76CCDE3171C1C97B02961C272A8A5E61A
                                                                                                                                                                          SHA-256:E4ED316977A3AA0B7866308F0BE8322B2811775710B4786C8BBDDB8AEE6C6E90
                                                                                                                                                                          SHA-512:A5AF81EED08296F604E869F1F187F2C33D7EA6E09A6E3D6B96F39225C18B211DD2FF5D9B03AA6E2BC3C5F78EF5F7E713F5A1EAF63F96DC1506DD4D7870A59595
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Reputation:low
Preview:
[2024-11-17 03:01:20.035] [info ] [sfxinst ] [ 3868: 6368] [593C85:1011] --
[2024-11-17 03:01:20.035] [info ] [sfxinst ] [ 3868: 6368] [593C85:1012] START: Avast SFX stub executable
[2024-11-17 03:01:20.035] [info ] [sfxinst ] [ 3868: 6368] [593C85: 307] Entering SFX stub guarded code section.
[2024-11-17 03:01:20.035] [info ] [sfxinst ] [ 3868: 6368] [593C85: 406] Running SFX 'C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe'
[2024-11-17 03:01:21.019] [info ] [sfxinst ] [ 3868: 6368] [593C85: 648] Moved extra data file 'ecoo.edat' to 'C:\Windows\Temp\asw.8b2d18aeb335a9b4\cookie.bin'.
[2024-11-17 03:01:22.160] [notice ] [burger_rep ] [ 3868: 6556] [0CE298: 64] The event '70.1' was successfully sent to burger: https://analytics.avcdn.net/v4/receive/json/70.
[2024-11-17 03:01:53.482] [info ] [sfxinst ] [ 3868: 6368] [593C85: 938] Starting installer/updater executable 'C:\Windows\Temp\asw.8b2d18aeb335a9b4\instup.exe'
[
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):281
                                                                                                                                                                          Entropy (8bit):4.639418802884004
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:u4zW/Om/oEUig3IKw6B6TjyZw/OxZIig3IKw6B6Tjy3:u4y/JQE+16qZw/Ay16q3
                                                                                                                                                                          MD5:60043D3B356EC55891B97AD5C7996F36
                                                                                                                                                                          SHA1:A4F79A1EAB0525AD64E9E25FBC69D25D46D745AF
                                                                                                                                                                          SHA-256:6628CC206429107943D54A4CDD6A8591F742CE2B1C0FE2F1BCDD6A44A738852B
                                                                                                                                                                          SHA-512:508DB14F9714F22D5C36426631EE1F4631EE74D75B556D07DBE28970225733777E12D89A13AA25C98BAA5E7595B641B39D03E93CFF0DA1EE3EEE2EC3FA2BF2F3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Reputation:low
Preview:
[2024-11-17 03:01:57.437] [info ] [burger ] [ 4196: 1252] [7BC2B2: 55] Storage path was not set so neither stored events are read.
[2024-11-17 03:02:31.976] [info ] [burger ] [ 6564: 1524] [7BC2B2: 55] Storage path was not set so neither stored events are read.
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2494808
                                                                                                                                                                          Entropy (8bit):6.788672549451929
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:DAtUV5fTAGE9Q2rCyA2AvAfAAEV1rnFTZT0krlGW+VH:8PGE9Q2rCKAo7ELxTZT0krgh
                                                                                                                                                                          MD5:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                                          SHA1:1E34C4DF9E5C1EAE0B7697C475695BB39AD7D44E
                                                                                                                                                                          SHA-256:2D0B6848C0CD944FDE5365667C2180D5B2A9EC60EB01E9F2E38B39027B49FE80
                                                                                                                                                                          SHA-512:7B86081D9D6B36EE93BEEF8DB222D699D227BC426C3345AAE20EB037B3EADB8FA9552C4B058038AFCA07D6989550F57C3C85728A43B9E9ECC22BD4D59F6BD140
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Process:C:\Users\Public\Documents\aswOfferTool.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):888600
                                                                                                                                                                          Entropy (8bit):6.799400661071435
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                                          MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                                          SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                                          SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                                          SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                          • Filename: SecuriteInfo.com.Trojan.Siggen29.7508.16428.4641.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: _.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: _.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: _.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: _.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                                          • Filename: ATT00001.htm, Detection: malicious, Browse
                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4144936
                                                                                                                                                                          Entropy (8bit):6.480296620316725
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:E1eHuVwaMIqgsX4NhynLNQ+ZV48cQv9L6fx0vSYtpDKbrqNhabsFbFfcur:ElwYsXFLNQ+rfvRAmvSzrqNphkur
                                                                                                                                                                          MD5:BEE7971B485CF885A4BC51C315A00DD0
                                                                                                                                                                          SHA1:AD9F990A93CC1FFA6B3D8B3C508D9137F8B6AA4E
                                                                                                                                                                          SHA-256:DD596A70EEA3818AB6E57417CF2F3DE0071C8C90C0878BC9534D11C56D663D7C
                                                                                                                                                                          SHA-512:111367848B2B4CDFCA653F7D3153FE8E23157EAB01672A51529AD538ADE5ED6F8C50B1DAEA73C6E040EF4F4A67065ACACFA81BFB0E2EFD40D53E01655A6625A0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):22801704
                                                                                                                                                                          Entropy (8bit):6.535582973837928
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:393216:ip8cDBY6GY78yJ+ikqRrGck6ekFvJuJ4+56vJIRuepyFcQuIA04vClrQkpA1:ip8cRhQiHRGp08J
                                                                                                                                                                          MD5:78DB0C4E222BC7F7DDA8E2C251D709B3
                                                                                                                                                                          SHA1:F73BFF935EF7F0245BA9A23E079CF7E627321BC1
                                                                                                                                                                          SHA-256:7C5EE1ADCD2D7B8C26753FDB45D184EC275A9006689E13007BC5FCD805EC14FA
                                                                                                                                                                          SHA-512:3611437CA6310199CAF9CFE71FE54CB5BF3F729765ED8EBB3B49BCEE980AAE07BECE3F8AE184AD6CAEE249E6E3AB10999B6739122C67B2AF462F8C54C36BC0E2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3845976
                                                                                                                                                                          Entropy (8bit):6.446087740263079
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:VEsTJTCzvGnE3It0FCBkgqYCAdYbkLJumyyAFxub4KAgtMtetn+b0yTcN0FSVeSf:bJOzv1CxiWJJyjsfM
                                                                                                                                                                          MD5:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                                          SHA1:7DF6EF7D71AB0D0D1D5CE94008A2BA3A67B5E81C
                                                                                                                                                                          SHA-256:A381A247A938DC8884CEFA508438D9292B6C8C88A157BA801B44BB5A09A5390E
                                                                                                                                                                          SHA-512:BDB90E9CB42BCB784695A7891762460BFD09913F2D819896F455F85B05DA91FDFC21F73AA020D0C0FFC817334D448F7B8A13D7F276BCAC52E551FD1C2FD090A7
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5974312
                                                                                                                                                                          Entropy (8bit):6.5089634796762645
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:h4UK+0gSE5JsDIUG1hH5jDU1oz1ffhu0mkVunrAWG:h4UKDDcHpDIoz1ffhu0mkVunrD
                                                                                                                                                                          MD5:5EB7F2A77F38CC890E1C673DD56FC398
                                                                                                                                                                          SHA1:DB04D0804F3AF875481EB1587E402673B81D3702
                                                                                                                                                                          SHA-256:C21A7EFF706500F52DECF9E3E56B32D745117E0E3915A993FE09F42759933583
                                                                                                                                                                          SHA-512:C3F118CC6E4725883A490CADC01D6EE127F61F7120D24723FB0BE10E5E6BDA532431948EE9EA25C2F9F49DB90774766055610FEF609A1CA5FC73638322E8BA57
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3490088
                                                                                                                                                                          Entropy (8bit):6.471350218694381
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:hUibSM+WrqZSA6y1MlO0WWu6osCXHtX49IAsrtPtxlCtTJ+T1cTyyaJJtd1gqm3:h3CW10IWXp4+Mx
                                                                                                                                                                          MD5:4FBA79C03BE659487FA0828C4AA48A90
                                                                                                                                                                          SHA1:AE0D8BBE50195CAE68265124081C5326AF069323
                                                                                                                                                                          SHA-256:9E64033FD4E5D44D766BB5ADF415CF9D1A5372E350E042BCE324147FABD7D9E3
                                                                                                                                                                          SHA-512:CC489DF290E704D340B6C429719A4BDDAB5FA8B0287E45931F9AF990FD127F350D3A20B94B5C804A3BE5140EDAB5FD8311B4B31856C831C02B69DFFCADB9A46B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4144936
                                                                                                                                                                          Entropy (8bit):6.480296620316725
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:E1eHuVwaMIqgsX4NhynLNQ+ZV48cQv9L6fx0vSYtpDKbrqNhabsFbFfcur:ElwYsXFLNQ+rfvRAmvSzrqNphkur
                                                                                                                                                                          MD5:BEE7971B485CF885A4BC51C315A00DD0
                                                                                                                                                                          SHA1:AD9F990A93CC1FFA6B3D8B3C508D9137F8B6AA4E
                                                                                                                                                                          SHA-256:DD596A70EEA3818AB6E57417CF2F3DE0071C8C90C0878BC9534D11C56D663D7C
                                                                                                                                                                          SHA-512:111367848B2B4CDFCA653F7D3153FE8E23157EAB01672A51529AD538ADE5ED6F8C50B1DAEA73C6E040EF4F4A67065ACACFA81BFB0E2EFD40D53E01655A6625A0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3490088
                                                                                                                                                                          Entropy (8bit):6.471350218694381
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:hUibSM+WrqZSA6y1MlO0WWu6osCXHtX49IAsrtPtxlCtTJ+T1cTyyaJJtd1gqm3:h3CW10IWXp4+Mx
                                                                                                                                                                          MD5:4FBA79C03BE659487FA0828C4AA48A90
                                                                                                                                                                          SHA1:AE0D8BBE50195CAE68265124081C5326AF069323
                                                                                                                                                                          SHA-256:9E64033FD4E5D44D766BB5ADF415CF9D1A5372E350E042BCE324147FABD7D9E3
                                                                                                                                                                          SHA-512:CC489DF290E704D340B6C429719A4BDDAB5FA8B0287E45931F9AF990FD127F350D3A20B94B5C804A3BE5140EDAB5FD8311B4B31856C831C02B69DFFCADB9A46B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2494808
                                                                                                                                                                          Entropy (8bit):6.788672549451929
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:DAtUV5fTAGE9Q2rCyA2AvAfAAEV1rnFTZT0krlGW+VH:8PGE9Q2rCKAo7ELxTZT0krgh
                                                                                                                                                                          MD5:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                                          SHA1:1E34C4DF9E5C1EAE0B7697C475695BB39AD7D44E
                                                                                                                                                                          SHA-256:2D0B6848C0CD944FDE5365667C2180D5B2A9EC60EB01E9F2E38B39027B49FE80
                                                                                                                                                                          SHA-512:7B86081D9D6B36EE93BEEF8DB222D699D227BC426C3345AAE20EB037B3EADB8FA9552C4B058038AFCA07D6989550F57C3C85728A43B9E9ECC22BD4D59F6BD140
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20776
                                                                                                                                                                          Entropy (8bit):6.666276726657009
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:9xaZ9QOb3KiVm+U28iAmIYiWop1/wfT3ir2WSx7bLu2:9YZ99bhU28iSYic3iPmbL
                                                                                                                                                                          MD5:E604C448F9DAAD033021B419CF03C534
                                                                                                                                                                          SHA1:B4918BA6D91A5F3338425DF2AEB71467C64E1EAD
                                                                                                                                                                          SHA-256:C318DF6F10D3041293015097F2E868AE5D0FB0FD32EBCBD4B512BC660DDA4B88
                                                                                                                                                                          SHA-512:4276A4EC8F3F94062A268A8EF17ED1E0AC30441553044E9205C23344EECA45BA28851BBA48867AAAD3354BEE285C6C81A3DE1595E5D025BAC3692DA3D1A97EA8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):22801704
                                                                                                                                                                          Entropy (8bit):6.535582973837928
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:393216:ip8cDBY6GY78yJ+ikqRrGck6ekFvJuJ4+56vJIRuepyFcQuIA04vClrQkpA1:ip8cRhQiHRGp08J
                                                                                                                                                                          MD5:78DB0C4E222BC7F7DDA8E2C251D709B3
                                                                                                                                                                          SHA1:F73BFF935EF7F0245BA9A23E079CF7E627321BC1
                                                                                                                                                                          SHA-256:7C5EE1ADCD2D7B8C26753FDB45D184EC275A9006689E13007BC5FCD805EC14FA
                                                                                                                                                                          SHA-512:3611437CA6310199CAF9CFE71FE54CB5BF3F729765ED8EBB3B49BCEE980AAE07BECE3F8AE184AD6CAEE249E6E3AB10999B6739122C67B2AF462F8C54C36BC0E2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3845976
                                                                                                                                                                          Entropy (8bit):6.446087740263079
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:VEsTJTCzvGnE3It0FCBkgqYCAdYbkLJumyyAFxub4KAgtMtetn+b0yTcN0FSVeSf:bJOzv1CxiWJJyjsfM
                                                                                                                                                                          MD5:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                                          SHA1:7DF6EF7D71AB0D0D1D5CE94008A2BA3A67B5E81C
                                                                                                                                                                          SHA-256:A381A247A938DC8884CEFA508438D9292B6C8C88A157BA801B44BB5A09A5390E
                                                                                                                                                                          SHA-512:BDB90E9CB42BCB784695A7891762460BFD09913F2D819896F455F85B05DA91FDFC21F73AA020D0C0FFC817334D448F7B8A13D7F276BCAC52E551FD1C2FD090A7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5974312
                                                                                                                                                                          Entropy (8bit):6.5089634796762645
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:h4UK+0gSE5JsDIUG1hH5jDU1oz1ffhu0mkVunrAWG:h4UKDDcHpDIoz1ffhu0mkVunrD
                                                                                                                                                                          MD5:5EB7F2A77F38CC890E1C673DD56FC398
                                                                                                                                                                          SHA1:DB04D0804F3AF875481EB1587E402673B81D3702
                                                                                                                                                                          SHA-256:C21A7EFF706500F52DECF9E3E56B32D745117E0E3915A993FE09F42759933583
                                                                                                                                                                          SHA-512:C3F118CC6E4725883A490CADC01D6EE127F61F7120D24723FB0BE10E5E6BDA532431948EE9EA25C2F9F49DB90774766055610FEF609A1CA5FC73638322E8BA57
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2494808
                                                                                                                                                                          Entropy (8bit):6.788672549451929
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:DAtUV5fTAGE9Q2rCyA2AvAfAAEV1rnFTZT0krlGW+VH:8PGE9Q2rCKAo7ELxTZT0krgh
                                                                                                                                                                          MD5:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                                          SHA1:1E34C4DF9E5C1EAE0B7697C475695BB39AD7D44E
                                                                                                                                                                          SHA-256:2D0B6848C0CD944FDE5365667C2180D5B2A9EC60EB01E9F2E38B39027B49FE80
                                                                                                                                                                          SHA-512:7B86081D9D6B36EE93BEEF8DB222D699D227BC426C3345AAE20EB037B3EADB8FA9552C4B058038AFCA07D6989550F57C3C85728A43B9E9ECC22BD4D59F6BD140
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4144936
                                                                                                                                                                          Entropy (8bit):6.480296620316725
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:E1eHuVwaMIqgsX4NhynLNQ+ZV48cQv9L6fx0vSYtpDKbrqNhabsFbFfcur:ElwYsXFLNQ+rfvRAmvSzrqNphkur
                                                                                                                                                                          MD5:BEE7971B485CF885A4BC51C315A00DD0
                                                                                                                                                                          SHA1:AD9F990A93CC1FFA6B3D8B3C508D9137F8B6AA4E
                                                                                                                                                                          SHA-256:DD596A70EEA3818AB6E57417CF2F3DE0071C8C90C0878BC9534D11C56D663D7C
                                                                                                                                                                          SHA-512:111367848B2B4CDFCA653F7D3153FE8E23157EAB01672A51529AD538ADE5ED6F8C50B1DAEA73C6E040EF4F4A67065ACACFA81BFB0E2EFD40D53E01655A6625A0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe
                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):888600
                                                                                                                                                                          Entropy (8bit):6.799400661071435
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                                          MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                                          SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                                          SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                                          SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):22801704
                                                                                                                                                                          Entropy (8bit):6.535582973837928
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:393216:ip8cDBY6GY78yJ+ikqRrGck6ekFvJuJ4+56vJIRuepyFcQuIA04vClrQkpA1:ip8cRhQiHRGp08J
                                                                                                                                                                          MD5:78DB0C4E222BC7F7DDA8E2C251D709B3
                                                                                                                                                                          SHA1:F73BFF935EF7F0245BA9A23E079CF7E627321BC1
                                                                                                                                                                          SHA-256:7C5EE1ADCD2D7B8C26753FDB45D184EC275A9006689E13007BC5FCD805EC14FA
                                                                                                                                                                          SHA-512:3611437CA6310199CAF9CFE71FE54CB5BF3F729765ED8EBB3B49BCEE980AAE07BECE3F8AE184AD6CAEE249E6E3AB10999B6739122C67B2AF462F8C54C36BC0E2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3845976
                                                                                                                                                                          Entropy (8bit):6.446087740263079
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:VEsTJTCzvGnE3It0FCBkgqYCAdYbkLJumyyAFxub4KAgtMtetn+b0yTcN0FSVeSf:bJOzv1CxiWJJyjsfM
                                                                                                                                                                          MD5:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                                          SHA1:7DF6EF7D71AB0D0D1D5CE94008A2BA3A67B5E81C
                                                                                                                                                                          SHA-256:A381A247A938DC8884CEFA508438D9292B6C8C88A157BA801B44BB5A09A5390E
                                                                                                                                                                          SHA-512:BDB90E9CB42BCB784695A7891762460BFD09913F2D819896F455F85B05DA91FDFC21F73AA020D0C0FFC817334D448F7B8A13D7F276BCAC52E551FD1C2FD090A7
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20776
                                                                                                                                                                          Entropy (8bit):6.666276726657009
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:9xaZ9QOb3KiVm+U28iAmIYiWop1/wfT3ir2WSx7bLu2:9YZ99bhU28iSYic3iPmbL
                                                                                                                                                                          MD5:E604C448F9DAAD033021B419CF03C534
                                                                                                                                                                          SHA1:B4918BA6D91A5F3338425DF2AEB71467C64E1EAD
                                                                                                                                                                          SHA-256:C318DF6F10D3041293015097F2E868AE5D0FB0FD32EBCBD4B512BC660DDA4B88
                                                                                                                                                                          SHA-512:4276A4EC8F3F94062A268A8EF17ED1E0AC30441553044E9205C23344EECA45BA28851BBA48867AAAD3354BEE285C6C81A3DE1595E5D025BAC3692DA3D1A97EA8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                          Entropy (8bit):3.2523664094525224
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:QoEJi2YA4mloiI9iIZiAD2JdiAD2/2iGb0iboiaYoiapJ62iT:Qo1wZ/yabFbcxqX
                                                                                                                                                                          MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                                                                                          SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                                                                                          SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                                                                                          SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.v.b.u.g.r.e.p.o.r.t._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.8.6._.a.i.s.=.6.....i.n.s.t.c.o.n.t._.x.6.4._.a.i.s.=.6.....i.n.s.t.u.p._.x.6.4._.a.i.s.=.6.....o.f.f.e.r.t.o.o.l._.x.6.4._.a.i.s.=.6.....s.b.r._.x.6.4._.a.i.s.=.6.....s.e.t.g.u.i._.x.6.4._.a.i.s.=.6.....
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):336
                                                                                                                                                                          Entropy (8bit):3.2523664094525224
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:QoEJi2YA4mloiI9iIZiAD2JdiAD2/2iGb0iboiaYoiapJ62iT:Qo1wZ/yabFbcxqX
                                                                                                                                                                          MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                                                                                          SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                                                                                          SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                                                                                          SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.v.b.u.g.r.e.p.o.r.t._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.8.6._.a.i.s.=.6.....i.n.s.t.c.o.n.t._.x.6.4._.a.i.s.=.6.....i.n.s.t.u.p._.x.6.4._.a.i.s.=.6.....o.f.f.e.r.t.o.o.l._.x.6.4._.a.i.s.=.6.....s.b.r._.x.6.4._.a.i.s.=.6.....s.e.t.g.u.i._.x.6.4._.a.i.s.=.6.....
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1458), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1847
                                                                                                                                                                          Entropy (8bit):5.013443601340062
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:TTSAiaCN6NFBnC5B8wqRfaSIqG9Z9QwqUTK2Hu8nO:HFVDdeK9aSanQ8KonO
                                                                                                                                                                          MD5:C77C16610AE28DB5F9F343D7A63A6D69
                                                                                                                                                                          SHA1:64824A1B349330AF9B55C550E0654D946B1B9FA5
                                                                                                                                                                          SHA-256:76EADEEBC673AA6F763D1670236DDA83018B4FB2F2F03A3A6358743175CB527C
                                                                                                                                                                          SHA-512:714AEB937C61C204878953AAF1DD636690C2525B0607249CFC9516369FA3F52321EFB72682B7706885C67063D9C962B67350D233C9FC6F77014CB9008BE06347
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...[Shepherd]..ABTests=19fa92d7-cec3-489b-9f86-f88a9780902e:A,49afa038-20e4-4cff-b058-f7c69b5a850d:A,AV-32666-v1-fake:b,Indruch_SS_4Thursdays_fake:d,av-32836-v2-fake:b,av-39646-v2-fake:a,f269135a-abf6-41df-a90a-13b411c26efa:A,ipmb-12910-v1:a,oa-7466-v0:c..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_email-signatures_opswatenabled_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_not-avast-one_version-18.6-and-higher_icarus-migration-free-release_production_webshield.quic.block---fraction-test-setup_quic-sni-block-release-stage-2_quic-read-mode-release_quic-on_emailscanner-ignored-processes_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_version-20.9-and-higher_pups-
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
                                                                                                                                                                          File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):38307
                                                                                                                                                                          Entropy (8bit):5.84351793825309
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:Ws1bebXC3i3d7rlUBbsY4xJchipyIqo1IzJtTE6vPPTK5vu:J1Sb6AdHQwdIzJt46vPPTx
                                                                                                                                                                          MD5:DF3B88D1739A9B9660CDA9683B29F86F
                                                                                                                                                                          SHA1:C2FB1FE9976FDC4DFFE2B004991986EAA8ED9D11
                                                                                                                                                                          SHA-256:C34DDAD30211B25E77F6BFDFF9543709D5D76EB3C045C24F3806CFE29878F45A
                                                                                                                                                                          SHA-512:BBA56E034D8D30E40286960FBE9AAFA3CBBFB2A44E8FDF3EA18DA6101F2F9D53B134F789FD74B22071AB0520EFF535750F371543974C25412AA73DFA33F9963B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[Offers.SecureBrowser]..ShowInIntro=1..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_cmp_webrep=3..ais_cmp_webrep_ie=3..ais_cmp_webrep_x64=
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (628), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):904
                                                                                                                                                                          Entropy (8bit):5.16252709414254
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:O1FIAgaG0R/qvFPzaw5uF3McqevQ/lTKFYlKmEqXO:+FSaKFOBFp3I/lTK+SUO
                                                                                                                                                                          MD5:911236F9C9B8A0FC2DECE7ACE93B6F3F
                                                                                                                                                                          SHA1:BBB3FE4FC5D9F7E6154555AB19D99AF8176D75CC
                                                                                                                                                                          SHA-256:E14FE7CF77E21C33F8CC5E080D411B523ACF79914EEDAD0B6CAE4F3B91D45737
                                                                                                                                                                          SHA-512:37DDD3D7FCEC5EEFFBCEAE3A48836535F1443D9621353744F7263F8A57F061928832BDE709BD978FF41B0A6576DCC84E8BAD9E3066F62B5EF4D5D18F9274C61E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...[Shepherd]..ABTests=49afa038-20e4-4cff-b058-f7c69b5a850d:A,Indruch_SS_4Thursdays_fake:d,av-32836-v2-fake:b,av-39646-v2-fake:a,oa-7466-v0:c..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_not-avast-one_version-18.6-and-higher_production_product-version-older-than-24.4_quic-sni-block-release-stage-2_v2017_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_ispublicrelease_versions-older-than-24.6_usa_ipm_6513_open_ui_a_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-9f4def122112ec25bfe98e9c5b47780e4330caf2e810e507ae27d0ec074d08b0..ConfigVersion=5198..LastUpdate=1731812517..NextUpdate=1731883471..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):34405
                                                                                                                                                                          Entropy (8bit):5.852388654059038
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:/CWZbXT3ihM2Pzrr14xJchipVIqovIzJtTE6vPPTxtt2:5bL8fX5IzJt46vPPT0
                                                                                                                                                                          MD5:55C358878428FA029298E95918C64173
                                                                                                                                                                          SHA1:DCB45D4B434D4B88F9E277156034E19DD539A1B2
                                                                                                                                                                          SHA-256:65A8364D984F13F365CD5521B02026E1D358BDA51563AEFA7400A09B85BCDF3F
                                                                                                                                                                          SHA-512:05097038300121C36DA842FAC34CF1894D0A55E02986DE42AF31FA5269F0B47544DA2AD16573E931B426EFCB2F5E9E2290859C7EE2E3FB2EA2206097E82B07CB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFil
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):5974312
                                                                                                                                                                          Entropy (8bit):6.5089634796762645
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:98304:h4UK+0gSE5JsDIUG1hH5jDU1oz1ffhu0mkVunrAWG:h4UKDDcHpDIoz1ffhu0mkVunrD
                                                                                                                                                                          MD5:5EB7F2A77F38CC890E1C673DD56FC398
                                                                                                                                                                          SHA1:DB04D0804F3AF875481EB1587E402673B81D3702
                                                                                                                                                                          SHA-256:C21A7EFF706500F52DECF9E3E56B32D745117E0E3915A993FE09F42759933583
                                                                                                                                                                          SHA-512:C3F118CC6E4725883A490CADC01D6EE127F61F7120D24723FB0BE10E5E6BDA532431948EE9EA25C2F9F49DB90774766055610FEF609A1CA5FC73638322E8BA57
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$........&.R.G...G...G...5...G...5...G....`..G......G......G......G...?...G...2...G...2..sG...2...G...G...G...2...G...2...G...5...G...5...G...G...E......F......G....b..G...G...G......G..Rich.G..........................PE..d...:.+g.........."....&..>....................@..............................[......`[...`...........................................P.......P.h....`[......PX.....H.Z..*...p[..v....H.......................H.(...p.H.@............0>..............................text...\.>.......>................. ..`.rdata..J"...0>..$....>.............@..@.data........`P..B...<P.............@....pdata.......PX......~W.............@..@_RDATA.......P[......|Z.............@..@.rsrc........`[......~Z.............@..@.reloc...v...p[..x....Z.............@..B................................................................................................................
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3490088
                                                                                                                                                                          Entropy (8bit):6.471350218694381
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:hUibSM+WrqZSA6y1MlO0WWu6osCXHtX49IAsrtPtxlCtTJ+T1cTyyaJJtd1gqm3:h3CW10IWXp4+Mx
                                                                                                                                                                          MD5:4FBA79C03BE659487FA0828C4AA48A90
                                                                                                                                                                          SHA1:AE0D8BBE50195CAE68265124081C5326AF069323
                                                                                                                                                                          SHA-256:9E64033FD4E5D44D766BB5ADF415CF9D1A5372E350E042BCE324147FABD7D9E3
                                                                                                                                                                          SHA-512:CC489DF290E704D340B6C429719A4BDDAB5FA8B0287E45931F9AF990FD127F350D3A20B94B5C804A3BE5140EDAB5FD8311B4B31856C831C02B69DFFCADB9A46B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3236136
                                                                                                                                                                          Entropy (8bit):6.5945068024923765
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:PHWR+O4KLV0MYiXCVovWj6yto/MfEiXnzXKggtMt+tZDvmg1GzyyVS6+FfvemUu5:vFO4oV0MYjRj6N/MftXQfW
                                                                                                                                                                          MD5:F93218B20EA901317D5635521C199DA6
                                                                                                                                                                          SHA1:10DFAF2D6B6CAD110DB9FFEF48663B03FA34961C
                                                                                                                                                                          SHA-256:07B44320DD89928FABC1721528A1D087F74B99F93440B5FEF64B9B17B32D05D5
                                                                                                                                                                          SHA-512:F127F6E6F097C1E229B74CC2E4BBC23624E7387D66C2EC185459995760288247BF9F4AB321501939A8F3AD0C9818A203885E791483590733530F9A6DBCE6CF21
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):33874
                                                                                                                                                                          Entropy (8bit):5.851533903468576
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:FCWZbXD3iIPXxwrrbxJchi7bqovIzJtTE6vPPOMtPT:7bbZ5ejIzJt46vPPO+
                                                                                                                                                                          MD5:261DCF82F4B8D725C17967E33FCD3471
                                                                                                                                                                          SHA1:3E09340A8BDE2848BB73FC9795A24BE9B3271ED3
                                                                                                                                                                          SHA-256:E1B432AB609929F65E8606297A98B8BD326B705EBCEB6BC07935EEA7F3709C9B
                                                                                                                                                                          SHA-512:25B02D5BB1D840CB5600CF707B980009A74C7BBAB53B58364490ADDD588442153D390C11B8A9E0ED6322E179C61FB307A7650B5245518340DF3F591746D06E4A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_bpc=0..ais_cmp_fw=2..ais_cmp_sfzone=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..AT
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11216
                                                                                                                                                                          Entropy (8bit):7.983443291785675
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:TuqyI+wSkC2W/8a9T3ceFpomkeadIEDlN/cAdvwaZflktMzyJdiayuAzF5Qy0:HyRwSR2y8aVsUgNDvcKZZNnzCiaxcjb0
                                                                                                                                                                          MD5:C2594670CF0C6BE4DBD3217516263884
                                                                                                                                                                          SHA1:C87C2AC11C8F1DA65A417B77A3C2F7669D3C76F8
                                                                                                                                                                          SHA-256:EFE97D5E86FA1FB31D2EB1D912EFDA6C0675354C918A108A2A5CB9FD1B049706
                                                                                                                                                                          SHA-512:793128AC8A007A83A6D45B92C33FED4EADA6DD2BE0439683F00138A5094685E66106B149BF6726AAB51B4462C9AB0AE7ACB4D66B75DBBEC213668059F423A90C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (628), with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):904
                                                                                                                                                                          Entropy (8bit):5.16252709414254
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:O1FIAgaG0R/qvFPzaw5uF3McqevQ/lTKFYlKmEqXO:+FSaKFOBFp3I/lTK+SUO
                                                                                                                                                                          MD5:911236F9C9B8A0FC2DECE7ACE93B6F3F
                                                                                                                                                                          SHA1:BBB3FE4FC5D9F7E6154555AB19D99AF8176D75CC
                                                                                                                                                                          SHA-256:E14FE7CF77E21C33F8CC5E080D411B523ACF79914EEDAD0B6CAE4F3B91D45737
                                                                                                                                                                          SHA-512:37DDD3D7FCEC5EEFFBCEAE3A48836535F1443D9621353744F7263F8A57F061928832BDE709BD978FF41B0A6576DCC84E8BAD9E3066F62B5EF4D5D18F9274C61E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:...[Shepherd]..ABTests=49afa038-20e4-4cff-b058-f7c69b5a850d:A,Indruch_SS_4Thursdays_fake:d,av-32836-v2-fake:b,av-39646-v2-fake:a,oa-7466-v0:c..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_not-avast-one_version-18.6-and-higher_production_product-version-older-than-24.4_quic-sni-block-release-stage-2_v2017_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_ispublicrelease_versions-older-than-24.6_usa_ipm_6513_open_ui_a_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-9f4def122112ec25bfe98e9c5b47780e4330caf2e810e507ae27d0ec074d08b0..ConfigVersion=5198..LastUpdate=1731812517..NextUpdate=1731883471..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                          Entropy (8bit):3.1368637096073178
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1HqCqsjn:55Tn
                                                                                                                                                                          MD5:06112A52C5F2C27C04F4ABECC9CFA0F2
                                                                                                                                                                          SHA1:787FF30FB75D2018EBF3D9232EBFD9134B80CB69
                                                                                                                                                                          SHA-256:EA9DC97A05195E708728AF276DB0482436EC20F1F00A617CF43A86B025B48252
                                                                                                                                                                          SHA-512:31B4807705A0965DB2A99731B124652EA8C8793D2AF3D0FFCB52B55612AF083A21FF1B0ABEEE84835976D91DFA556527F5619C22682A2228DD947E209634C467
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:mmm_ava_esg_000_361_m
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3845976
                                                                                                                                                                          Entropy (8bit):6.446087740263079
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:VEsTJTCzvGnE3It0FCBkgqYCAdYbkLJumyyAFxub4KAgtMtetn+b0yTcN0FSVeSf:bJOzv1CxiWJJyjsfM
                                                                                                                                                                          MD5:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                                          SHA1:7DF6EF7D71AB0D0D1D5CE94008A2BA3A67B5E81C
                                                                                                                                                                          SHA-256:A381A247A938DC8884CEFA508438D9292B6C8C88A157BA801B44BB5A09A5390E
                                                                                                                                                                          SHA-512:BDB90E9CB42BCB784695A7891762460BFD09913F2D819896F455F85B05DA91FDFC21F73AA020D0C0FFC817334D448F7B8A13D7F276BCAC52E551FD1C2FD090A7
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):22801704
                                                                                                                                                                          Entropy (8bit):6.535582973837928
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:393216:ip8cDBY6GY78yJ+ikqRrGck6ekFvJuJ4+56vJIRuepyFcQuIA04vClrQkpA1:ip8cRhQiHRGp08J
                                                                                                                                                                          MD5:78DB0C4E222BC7F7DDA8E2C251D709B3
                                                                                                                                                                          SHA1:F73BFF935EF7F0245BA9A23E079CF7E627321BC1
                                                                                                                                                                          SHA-256:7C5EE1ADCD2D7B8C26753FDB45D184EC275A9006689E13007BC5FCD805EC14FA
                                                                                                                                                                          SHA-512:3611437CA6310199CAF9CFE71FE54CB5BF3F729765ED8EBB3B49BCEE980AAE07BECE3F8AE184AD6CAEE249E6E3AB10999B6739122C67B2AF462F8C54C36BC0E2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2494808
                                                                                                                                                                          Entropy (8bit):6.788672549451929
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:DAtUV5fTAGE9Q2rCyA2AvAfAAEV1rnFTZT0krlGW+VH:8PGE9Q2rCKAo7ELxTZT0krgh
                                                                                                                                                                          MD5:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                                          SHA1:1E34C4DF9E5C1EAE0B7697C475695BB39AD7D44E
                                                                                                                                                                          SHA-256:2D0B6848C0CD944FDE5365667C2180D5B2A9EC60EB01E9F2E38B39027B49FE80
                                                                                                                                                                          SHA-512:7B86081D9D6B36EE93BEEF8DB222D699D227BC426C3345AAE20EB037B3EADB8FA9552C4B058038AFCA07D6989550F57C3C85728A43B9E9ECC22BD4D59F6BD140
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):703
                                                                                                                                                                          Entropy (8bit):7.691740964523839
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:UIa/619gs29PQ8Gn1aBIpeuarWAbSuEa7I/kYCGHz5BaoYb0bM71n7Gwe3MUlp9H:UIaY6V9Y8E1a+pe/WAuuEtcYCQz56Ybl
                                                                                                                                                                          MD5:73960E554642A52684E4FCC6FCD560ED
                                                                                                                                                                          SHA1:ED47AAD96AF09D307FD13AE280C0DCACB853C523
                                                                                                                                                                          SHA-256:038ED336E0323D6A0A413F3C9516C6D644305F42B572308707CE4D25D0ABFC3C
                                                                                                                                                                          SHA-512:492ACB4E518129264E80369273975613378CD69BB179280FAE6A10CAC32ED2DD5633C6FF34276C2169829D7C9FB32629EE957E081076615C7B913A545EF0DCDA
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):212
                                                                                                                                                                          Entropy (8bit):6.873399155053426
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:Do/RlllUG1BkzrpUITb5KTQvrHnrQBkSsXqHE/h6PG/Xa/XfBXkcLn:Do/Rl87aIBvjn+kpXqHsh6PG/K3BXkSn
                                                                                                                                                                          MD5:B52CD14455C3886559C5C647520868D5
                                                                                                                                                                          SHA1:D4A13002B397146E2A9EC3E3F4DF5C7C2F3A4F2B
                                                                                                                                                                          SHA-256:63282CF05C074D74BDC196B5F2939B5BB42BEA57D3CD5B95F065B00C3B4EE34B
                                                                                                                                                                          SHA-512:FB0AF5B24134F71458C7710E920611183B73E3828DBEDD96133D35E04FC0B16FA940A95628039C0A1C6D797F6A82D5C10C98F0003BEC22D98F3DD1789E07BD77
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):75960
                                                                                                                                                                          Entropy (8bit):7.997659035780696
                                                                                                                                                                          Encrypted:true
                                                                                                                                                                          SSDEEP:1536:T0wKUlO2Hl4Ib7dzgCTNKx7rD+tK2K0ncWIaC4CIiT4JxFC9G0kkpo:T0wKUFHhrAVrYK2KE1InzT4HFCuk+
                                                                                                                                                                          MD5:88CD5DE2B6A173293E509018A7EB4DF5
                                                                                                                                                                          SHA1:FC29BFF0046D3288956232DFA6160D943FB7B99D
                                                                                                                                                                          SHA-256:5B2245639A15E5E8656DD8EA39B06FE8DE141408EBD9FCC1EE2D31A4F63680AB
                                                                                                                                                                          SHA-512:15DA3EC5CF9B87FF66128D20F5D92E76CD732EA01AE300362530046BB10E83253D617F216E2386F2BC20A745EA922074CCC6BF891A9C2C7427B84A415CAEFDD5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4518
                                                                                                                                                                          Entropy (8bit):7.964941149397295
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:96:jX/wN8yHKSBwmIAMxb6jXTAR5/nbj98rChHmFxqGNK3W5Xn:jIVKmDMYjDAbx8rChHgxq63
                                                                                                                                                                          MD5:606B8A877BA5E352D4EA7C89EF88FA4B
                                                                                                                                                                          SHA1:012955404A9B71402695F61630C8CDC109DAE4A8
                                                                                                                                                                          SHA-256:4681470A64C3BBAD4065D7844937F64838E713185686E89D223BE2D4D07FA818
                                                                                                                                                                          SHA-512:89D172C60546A9B1211742A719CE8379E9DC5F9C71B81C5FDAA66DF10607EA28946691D6AA61E109AD06FC85B0BAE02971E84A881AB7C9555E837FBD4A315C85
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):12069
                                                                                                                                                                          Entropy (8bit):7.965434857786736
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:MEFc7mr40Yt5JEAJ/sFWmrpE8f3jgRCouRMmgUFp+tBhkVYFtWT4EzqnQKqrimPE:MTG4BLEKskmtVcRCuzUzU48QKanc
                                                                                                                                                                          MD5:C17605BBE8ABCFFFA9CC153FAE929924
                                                                                                                                                                          SHA1:D8B2E1EAEEDA4597BDCDE8908CD1ACD54B118894
                                                                                                                                                                          SHA-256:74D50D1F3BC4AB2508261594688FE7FACD0D64D4A6E4511A451E7155C427F514
                                                                                                                                                                          SHA-512:F7D5B20EEA5812BF1A00E7CE5CEF13B8DD20A784F11CDBC28C1CF8A92CFAE9BAB1FAED94A3ADB8DC09AF67DB7E200BEF2218314727F69515AF610A42E8F8F933
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):7561
                                                                                                                                                                          Entropy (8bit):7.972849246514998
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:r8/p04pGOru5xqcStbIPhCG62lt2/3gKptS86vI1V:r8xPAZ55Ub0hXtgw3I1V
                                                                                                                                                                          MD5:E0F82AB6785580B9296793B164028CC5
                                                                                                                                                                          SHA1:BACFE36980D694587FCF4ECDE55398A7B08BBA66
                                                                                                                                                                          SHA-256:72E18B271F2AE83116B2E91B5106AA8D644B31194F65D9628BA52425326F2A99
                                                                                                                                                                          SHA-512:D8730B4D484D0FF353B94822822CC5E29E4EB0A0D0ADE7ADC798115F44243C5E7656F5BC40E3F204F5013D331E69CA9F9AF7E7F5A6306EE27382C4F9C7F519C4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):573
                                                                                                                                                                          Entropy (8bit):7.572324839935932
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:5dT2enBCweX1KL5DYT84X6L/5aWSYWBBYJTPlpwENgEV1qm/n:P6enY1acT8G6r3WTI/91xn
                                                                                                                                                                          MD5:E41B3ECBC78F39C2F5FB4F1B89CBFEA3
                                                                                                                                                                          SHA1:18141E367A3D7BBD6EBB455618026B9D86E25D2D
                                                                                                                                                                          SHA-256:9C8C47FB72D287460EBDBFF813C468C12746C78C44201C044AF81B88B1E78C1E
                                                                                                                                                                          SHA-512:59D7A8F6D27C594514390783CFF96E244006B05810E16C8506121234F935876CFE4C08C82213EA8192143938E4CFDFF78E5B95F016F70C7FC0B5C4B500BFDA11
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):340
                                                                                                                                                                          Entropy (8bit):7.220252077684201
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6:DulSVt/JqTbqeUD8G60Nao5ZNVt/rykywKzkQ5o5kJTFFU41dQFMJ7zQn:KlY/oGZDDtDyGU5PJ42QO0n
                                                                                                                                                                          MD5:842F97E3B1D1693F3E3AFA70DEAF9F45
                                                                                                                                                                          SHA1:1B0FFC38EEA352ACDE06C1CF2401E6382D60107E
                                                                                                                                                                          SHA-256:BE9F38B57C380AF0A273B5D23C18830E44A5C6C263BF5C7A885B6F514F68E0CC
                                                                                                                                                                          SHA-512:0001E61544ADC811397923432F2938EE118669FB48DA61D41EB815427692D67D056E3505FE46325A5B0B936C837E337C65400542F213394C895E71E87A1D6AC3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1552524
                                                                                                                                                                          Entropy (8bit):4.904101553320832
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:1536:3baHndUNyN2XLYuCN4MjWCN4Qj5qpwNvvH5Rw+YGvqNpn3DMSMd5i45eRpCvWIOA:uH+NQIw7DfD440tw
                                                                                                                                                                          MD5:8EDCEC9108B7680E58835764EC5CBCBC
                                                                                                                                                                          SHA1:D5DBD71DA6DB9687AF296C500A303552F3EDF8F6
                                                                                                                                                                          SHA-256:4A9F6B64F10D6F0F1743D55F5AEB7EDC31EDA2143204FB860D6B8FA602FD8E35
                                                                                                                                                                          SHA-512:64D32B34F6E5AD39D03D2D72EC583F0C187596104B2A783D6898302840B1EED6A261BA9399069E02A00E7CFB9AAD7936EC3F533BDDE7194941871CD93B43DDF3
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="program" name="prg_ais">.. <selection-tree>.. <selection-tree name="ais_security" name_ids="23000" desc_ids="23001">.. <node name="ais_shl_fil" name_ids="20002" desc_ids="20003" />.. <node name="ais_shl_bhv" name_ids="20014" desc_ids="20015" />.. <node name="ais_cmp_avpap" name_ids="21062" desc_ids="21063" />.. <node name="ais_shl_rsw" name_ids="20022" desc_ids="20023" />.. <node name="ais_shl_web" name_ids="20008" desc_ids="20009" />.. <node name="ais_shl_mai" name_ids="20004" desc_ids="20005" />.. <node name="ais_shl_shp" name_ids="20016" desc_ids="20017" />.. <node name="ais_shl_exch" name_ids="20018" desc_ids="20019" />.. <node name="ais_cmp_rdp" name_ids="21064" desc_ids="21065" />.. <node name="ais_cmp_secdns" name_ids="21040" desc_ids=
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):20776
                                                                                                                                                                          Entropy (8bit):6.666276726657009
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:9xaZ9QOb3KiVm+U28iAmIYiWop1/wfT3ir2WSx7bLu2:9YZ99bhU28iSYic3iPmbL
                                                                                                                                                                          MD5:E604C448F9DAAD033021B419CF03C534
                                                                                                                                                                          SHA1:B4918BA6D91A5F3338425DF2AEB71467C64E1EAD
                                                                                                                                                                          SHA-256:C318DF6F10D3041293015097F2E868AE5D0FB0FD32EBCBD4B512BC660DDA4B88
                                                                                                                                                                          SHA-512:4276A4EC8F3F94062A268A8EF17ED1E0AC30441553044E9205C23344EECA45BA28851BBA48867AAAD3354BEE285C6C81A3DE1595E5D025BAC3692DA3D1A97EA8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:Generic INItialization configuration [server0]
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):30252
                                                                                                                                                                          Entropy (8bit):5.133877165802441
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1w:Z9otwD4X63hwryPIBWrMYhOv+n8Z4+
                                                                                                                                                                          MD5:1A6A9E445C5945718C7D7BCF44BFD42D
                                                                                                                                                                          SHA1:1655A71593D59BEF42D28301466660DF57D530BB
                                                                                                                                                                          SHA-256:C6C5D745F99444A7BA784471C9F939C6FDFEFD5A0D22CDE44677E5D2D62F12EB
                                                                                                                                                                          SHA-512:746E4C9934102AEF1B751CD37CBCA1C4ABCEFEBF65E0D53896B618F398123B46DB60F1E8F1D0C09388344C58D8709D0F9519CDEF5BD68A53F07999B2B0859E3B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:Generic INItialization configuration [server0]
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):30252
                                                                                                                                                                          Entropy (8bit):5.133877165802441
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1w:Z9otwD4X63hwryPIBWrMYhOv+n8Z4+
                                                                                                                                                                          MD5:1A6A9E445C5945718C7D7BCF44BFD42D
                                                                                                                                                                          SHA1:1655A71593D59BEF42D28301466660DF57D530BB
                                                                                                                                                                          SHA-256:C6C5D745F99444A7BA784471C9F939C6FDFEFD5A0D22CDE44677E5D2D62F12EB
                                                                                                                                                                          SHA-512:746E4C9934102AEF1B751CD37CBCA1C4ABCEFEBF65E0D53896B618F398123B46DB60F1E8F1D0C09388344C58D8709D0F9519CDEF5BD68A53F07999B2B0859E3B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2452
                                                                                                                                                                          Entropy (8bit):7.906075181939953
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:m31oBEs2XRm52nx5ivt4+qThjoZoGhjDh9yiHPkjOaNRoLQk380t29Nn:ao/ORmknx5Mt4+Go6G1V9f6OQ+QP8en
                                                                                                                                                                          MD5:CCC9E37F531D8D3E748AA960765F95F8
                                                                                                                                                                          SHA1:3BBA7616812451E4581EA83AE89FF2873A8FF998
                                                                                                                                                                          SHA-256:FCB2089787060130F53E59923D46E59EFFEE53E1230ADB370FED3DBAE11A2853
                                                                                                                                                                          SHA-512:806F350723F1CB7D0E3745563E5FCF56B169BD28CE11C0CBF6DD58C36485BC0CFFFB6B7B14AA1483B9A728B7442E8317421AC54D3E9D6F6FDE5ED92B4F41240B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4144936
                                                                                                                                                                          Entropy (8bit):6.480296620316725
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:E1eHuVwaMIqgsX4NhynLNQ+ZV48cQv9L6fx0vSYtpDKbrqNhabsFbFfcur:ElwYsXFLNQ+rfvRAmvSzrqNphkur
                                                                                                                                                                          MD5:BEE7971B485CF885A4BC51C315A00DD0
                                                                                                                                                                          SHA1:AD9F990A93CC1FFA6B3D8B3C508D9137F8B6AA4E
                                                                                                                                                                          SHA-256:DD596A70EEA3818AB6E57417CF2F3DE0071C8C90C0878BC9534D11C56D663D7C
                                                                                                                                                                          SHA-512:111367848B2B4CDFCA653F7D3153FE8E23157EAB01672A51529AD538ADE5ED6F8C50B1DAEA73C6E040EF4F4A67065ACACFA81BFB0E2EFD40D53E01655A6625A0
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):39811
                                                                                                                                                                          Entropy (8bit):4.746027384480954
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:KovwuKcl3cOngF7XR2Sm/Pf1M9IlOPachnRnw0pFiRAnMeimqXO:WpB
                                                                                                                                                                          MD5:09F4A482ABAEC287A396EB53B5BC7790
                                                                                                                                                                          SHA1:09B574D3056ED6CED6646ED11B85CE76712CDB4A
                                                                                                                                                                          SHA-256:BB5630D32DF32B939232606E8EC97B8BC64378D316378DF72AC95DC965A0F7B2
                                                                                                                                                                          SHA-512:4A831F0E54F38FFBACBBC5B869324AEAFABB61B7F6EDBEB49EE9C16C5129557868F931FCD11C27BE6BF632A619575197EE555662AEF9318DE1C76FF3AB6F4F12
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="setup" name="setup_ais" />.. </part-list>.. </product>.. </product-defs>.. <part-defs>.. <part name="setup_ais" category="fixed" type="setup" versioning="xml/24.11">.. <group-list>.. <group name="instcont_ais" />.. <group name="instup_ais" />.. <group name="setgui_ais" />.. <group name="offertool_ais" />.. <group name="avbugreport_ais" />.. <group name="avdump_x86_ais" />.. <group name="sbr_x86_ais" />.... <group name="instcont_x64_ais" />.. <group name="instup_x64_ais" />.. <group name="setgui_x64_ais" />.. <group name="offertool_x64_ais" />.. <group name="avbugreport_x64_ais" />.. <group name="avdump_x64_ais" />.. <group name="sbr_x64_ais" />.... <group name="instcont_arm64_ais" />.. <group name="instup_arm64_ais" />.. <group name="setgui_arm64_ais" />.
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):16135
                                                                                                                                                                          Entropy (8bit):7.988705156102118
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:FZM8knxkVrZZDxYpBKzJxU2gZ8UmQc5XzP07PUkTp24XWt:F+xk5ZccI26mQyM7NTpHXK
                                                                                                                                                                          MD5:896C675DF96DCFAF815466663336590C
                                                                                                                                                                          SHA1:11506C0CE24AB315795DEBDFA1B24E96CB48D51E
                                                                                                                                                                          SHA-256:1E5F5D0A634CDADAD2090ECE7C29D347361D86AECA170FB2681A5830E6C61BE3
                                                                                                                                                                          SHA-512:7FE71ACD6DE86F5DA561FEB7E2B915C3BBC34F158D0CBDC1A0B147E5FD93FAB3F415DF5E0EB70459DBB3EB671DD096BA17B55E350E82E25FA07E9ABE01331037
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):30504
                                                                                                                                                                          Entropy (8bit):6.827833547100702
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:768:t5eK0CBFdun8lDZgqsQrn3zrlYi33iPmbL:MIu8ovQr3zrl7n7
                                                                                                                                                                          MD5:F5039F803B5B1014548700D812C70FF0
                                                                                                                                                                          SHA1:BD973D1213F276E22F96A18D818E2172EA3614DB
                                                                                                                                                                          SHA-256:52E2EADCE4D82BB9409FCA35B4B0CC789B8E434D4CEAD3547FD060A95BA746F3
                                                                                                                                                                          SHA-512:980A2B48E539B583F9FA5CBCEBB91DBF0AE3F9BE669F8A7E59CB4CD116C500393ABC2AEA6BBB75A2659F1B0FA33D813E98E5A8FBCCF5C83E5A428497E99E03D8
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):17178
                                                                                                                                                                          Entropy (8bit):7.988375155111137
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:VMqDY6BE6ZD6RYfWpQ8E6aR//YhUv2PBVJisi1Nk+UNxOUmhegtHEtOwfURWbbty:2rUE6ZGRiEahYh9cs9fxOrutOTOiT3Jh
                                                                                                                                                                          MD5:30B104733551F0AA0B62B4A123C85BEA
                                                                                                                                                                          SHA1:398D273E2BB9CED48B259C26A59EC5BD0236591E
                                                                                                                                                                          SHA-256:6DF20B657D4190179A367106777DA6114BDEC8F65FF29E109C89F206DCF4F50D
                                                                                                                                                                          SHA-512:A00BADF5991BF7431EBD14E2D9DCCD75DA11315838AC01B8D4ECFFB2CBD39777EDBCB5D3A9F85C98FE6DA84CDE0A25E07BE73BA11C962BDC4842991DD3E993BF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11213
                                                                                                                                                                          Entropy (8bit):7.98622732524891
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:YTEovd3j8Abp8F9hTzlUsfVWpUhtIkYGvkLfRrxP5e80gllbd9nr/73mxg+iFn+e:3qlTbyF9hTzlYpU3bvifRlPjlbd9rji0
                                                                                                                                                                          MD5:1D5D0D993661A2D03CC6DCBB3365898C
                                                                                                                                                                          SHA1:B3484B65EA54BD0DEF9F6B1AEFF8FF8583F0173E
                                                                                                                                                                          SHA-256:F6E81AA56F2F3381D0063F1F7048D3E6858F1E44535831488116550358478753
                                                                                                                                                                          SHA-512:CA23485D4E0418D04FAE757DB55041656F54DE0B7FE87A2D89E2291E4E17A7257521E98E9613F63BD10A642E76847D3F47F2D2434085483B4C88004C03A601DE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):55892
                                                                                                                                                                          Entropy (8bit):5.023999829313249
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:pvuCUuAU7soerqmZTyCK1gSgEPNi84iyo0vvqNz4Zx1ll9puY7j3E/3zOPz91KMb:pvuCUuAUQJRQ9U3NFhfCRMS3ulhqBkv
                                                                                                                                                                          MD5:90CF995E37F9D3F9B93AD34577EA4BD3
                                                                                                                                                                          SHA1:68C2FE60180E39A6B7694017D3F4AF491905D8D1
                                                                                                                                                                          SHA-256:D4B7D56879EDD8ED36F187F432CD32E452E84873E6E1D051FA85D09ABC9E4B0E
                                                                                                                                                                          SHA-512:5B95A7FEAFE7AFBBB2F641042249EEC57C1431AC5C536B411518D65E8A939C2AABCE48AE57CE7270A7CEAE248D546CAA535BDB3BA82FF89B451E2CC58F1F03D9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<products>.. <product-defs>.. <product name="vps">.. <part-list>.. <part name="vps_windows" type="vps">.... <expand-symbol-alias>.. <src>%VPSPATH%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR32%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR64%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <condition>.. <or-list>.. <file-exists path="%SETUPPATH%\Vps64Reboot.txt" />.. <and-list>.. <or-list>.. <is-operation name="install" />.. <is-operation name="updateProgram" /
                                                                                                                                                                          Process:C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe
                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):11083976
                                                                                                                                                                          Entropy (8bit):7.9238198360798435
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:196608:iYtmRLiobGa7D7ZIqRaq1CewvhK5Pkz/h5TI+Wmg29iPu6nP13gjK:XtmRv7DNPwB5KFM/v0Z2wPb93
                                                                                                                                                                          MD5:5602827611566F03E75534E544049184
                                                                                                                                                                          SHA1:D8835C1CE4657B740B31CBFE3EE1C44778B1C4EB
                                                                                                                                                                          SHA-256:EF505C532585DADB5DBE7CF70859CB8217B5167A2BAF965A2BAA28065E33E497
                                                                                                                                                                          SHA-512:B6548F3742D6059209DC38972E3DBB64DC1139881983585FEA6DB968BFBFF68D30DD00219CE8603C1102EEDAC8089315C08575FB73E20CA3C30169FEF42EE1FA
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                          Process:C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe
                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):21
                                                                                                                                                                          Entropy (8bit):3.1368637096073178
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:1HqCqsjn:55Tn
                                                                                                                                                                          MD5:06112A52C5F2C27C04F4ABECC9CFA0F2
                                                                                                                                                                          SHA1:787FF30FB75D2018EBF3D9232EBFD9134B80CB69
                                                                                                                                                                          SHA-256:EA9DC97A05195E708728AF276DB0482436EC20F1F00A617CF43A86B025B48252
                                                                                                                                                                          SHA-512:31B4807705A0965DB2A99731B124652EA8C8793D2AF3D0FFCB52B55612AF083A21FF1B0ABEEE84835976D91DFA556527F5619C22682A2228DD947E209634C467
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:mmm_ava_esg_000_361_m
                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Entropy (8bit):6.39112388440849
                                                                                                                                                                          TrID:
                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                          File name:avast_free_antivirus_setup_online.exe
                                                                                                                                                                          File size:263'520 bytes
                                                                                                                                                                          MD5:3df8662a0a6e5d44dda952b703ca3415
                                                                                                                                                                          SHA1:53e291164837412630395b77d21ddc0b9045b522
                                                                                                                                                                          SHA256:15d337b503e75aadc343cfef9801ebdc16e6b255a404119ebd56c1e48e0e0179
                                                                                                                                                                          SHA512:f64ad9d73c8e60df41f4afec070640ab241b390235a0bddc9efe8d910fc04b95e75ceeda7ddb0a7d7f10209ecfab80c0a07e2f1571f20c612c43b0c832eea15a
                                                                                                                                                                          SSDEEP:3072:p2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhhOn+TZ:p0KgGwHqwOOELha+sm2D2+UhngufE
                                                                                                                                                                          TLSH:FA4427116D908062E1B61A30E5BCBA715A6D7FF00B7088DF53B07E2E3F751D2A635B62
                                                                                                                                                                          Icon Hash:8e133369490d074c
                                                                                                                                                                          Entrypoint:0x401020
                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                          Time Stamp:0x64366D75 [Wed Apr 12 08:36:05 2023 UTC]
                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                          OS Version Minor:1
                                                                                                                                                                          File Version Major:5
                                                                                                                                                                          File Version Minor:1
                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                          Subsystem Version Minor:1
                                                                                                                                                                          Import Hash:79b68a12e4eb6aa0c59dd1289006924f
                                                                                                                                                                          Signature Valid:true
                                                                                                                                                                          Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                          Signature Validation Error:The operation completed successfully
                                                                                                                                                                          Error Number:0
                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                          • 16/01/2023 01:00:00 16/01/2026 00:59:59
                                                                                                                                                                          Subject Chain
                                                                                                                                                                          • CN=Avast Software s.r.o., O=Avast Software s.r.o., L=Praha, C=CZ
                                                                                                                                                                          Version:3
                                                                                                                                                                          Thumbprint MD5:88F0356B1045C86B3BE429E369E41C0B
                                                                                                                                                                          Thumbprint SHA-1:22C7A21648690E1B610F1E964AFB3044EAE24335
                                                                                                                                                                          Thumbprint SHA-256:8C5E3683E3D73A2E9C9452FC91757931A5333EAE9670BAF00874D3C8D6D6A52A
                                                                                                                                                                          Serial:015A6BEC4D7F549FE525C852DF670E13
                                                                                                                                                                          Instruction
                                                                                                                                                                          push esi
                                                                                                                                                                          push 00000000h
                                                                                                                                                                          push 00000000h
                                                                                                                                                                          push 00000001h
                                                                                                                                                                          push 00000000h
                                                                                                                                                                          call dword ptr [004230F4h]
                                                                                                                                                                          push 0042359Ch
                                                                                                                                                                          call dword ptr [00423104h]
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [C++] VS2008 SP1 build 30729

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bfd4 | 0x8c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x31000 | 0xf3b8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3dc48 | 0x2918 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x41000 | 0x1cb8 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2a570 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x2a5e0 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x24d60 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x2ec | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2bd54 | 0xc0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x216ca | 0x21800 | f3aa9bfe0e0173b2d8dbf69e0f7b5c30 | False | 0.5465980643656716 | data | 6.552507871447298 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x23000 | 0xa060 | 0xa200 | f1313dbc7d48a2854099a510bfc2275f | False | 0.4890528549382716 | data | 5.400803596600892 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2e000 | 0x15c0 | 0xa00 | e676ce13014a1fea1d94c6052cb98545 | False | 0.20546875 | data | 2.7943028087818473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .didat | 0x30000 | 0x4c | 0x200 | f2ff10bf470db291929511a1884e701b | False | 0.111328125 | data | 0.6949183674939895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x31000 | 0xf3b8 | 0xf400 | bdd37c967eb60adeae817513e51fa529 | False | 0.35335553278688525 | data | 4.9633021970710365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x41000 | 0x1cb8 | 0x1e00 | b242d5c80ab78d037235c071e32e80d5 | False | 0.7776041666666667 | data | 6.568397975609428 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| PNG | 0x31798 | 0x5d9 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.9926519706078825 |
| PNG | 0x31d78 | 0x6e2 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.8671963677639046 |
| RT_ICON | 0x32460 | 0x2140 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9937734962406015 |
| RT_ICON | 0x345a0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.12659423712801135 |
| RT_ICON | 0x387c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.19387966804979254 |
| RT_ICON | 0x3ad70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2319418386491557 |
| RT_ICON | 0x3be18 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.41400709219858156 |
| RT_STRING | 0x3c280 | 0x74 | Matlab v4 mat-file (little endian) v, numeric, rows 0, columns 0 | English | United States | 0.5086206896551724 |
| RT_STRING | 0x3c2f8 | 0x160 | data | English | United States | 0.4914772727272727 |
| RT_STRING | 0x3c458 | 0x48 | data | English | United States | 0.6388888888888888 |
| RT_STRING | 0x3c4a0 | 0x2b6 | data | English | United States | 0.18011527377521613 |
| RT_STRING | 0x3c758 | 0x4a | data | English | United States | 0.6486486486486487 |
| RT_STRING | 0x3c7a8 | 0x50 | data | French | France | 0.65 |
| RT_STRING | 0x3c7f8 | 0x4a | data | Portuguese | Brazil | 0.6486486486486487 |
| RT_STRING | 0x3c848 | 0x4a | data | Russian | Russia | 0.6486486486486487 |
| RT_STRING | 0x3c898 | 0x4a | data | | | 0.6486486486486487 |
| RT_STRING | 0x3c8e8 | 0x48 | data | English | United States | 0.6388888888888888 |
| RT_STRING | 0x3c930 | 0x48 | data | French | France | 0.6388888888888888 |
| RT_STRING | 0x3c978 | 0x48 | data | Portuguese | Brazil | 0.6388888888888888 |
| RT_STRING | 0x3c9c0 | 0x48 | data | Russian | Russia | 0.6388888888888888 |
| RT_STRING | 0x3ca08 | 0x48 | data | | | 0.6388888888888888 |
| RT_STRING | 0x3ca50 | 0x82 | data | English | United States | 0.6230769230769231 |
| RT_STRING | 0x3cad8 | 0x64 | data | French | France | 0.61 |
| RT_STRING | 0x3cb40 | 0x5e | data | Portuguese | Brazil | 0.5851063829787234 |
| RT_STRING | 0x3cba0 | 0x5e | data | Russian | Russia | 0.5851063829787234 |
| RT_STRING | 0x3cc00 | 0x5e | data | | | 0.5851063829787234 |
| RT_STRING | 0x3cc60 | 0xa4 | data | English | United States | 0.4817073170731707 |
| RT_STRING | 0x3cd08 | 0x5c | data | French | France | 0.5543478260869565 |
| RT_STRING | 0x3cd68 | 0x5c | data | Portuguese | Brazil | 0.5543478260869565 |
| RT_STRING | 0x3cdc8 | 0x5c | data | Russian | Russia | 0.5543478260869565 |
| RT_STRING | 0x3ce28 | 0x5c | data | | | 0.5543478260869565 |
| RT_STRING | 0x3ce88 | 0xc0 | data | English | United States | 0.5833333333333334 |
| RT_STRING | 0x3cf48 | 0x50 | data | French | France | 0.6625 |
| RT_STRING | 0x3cf98 | 0x4a | data | Portuguese | Brazil | 0.6486486486486487 |
| RT_STRING | 0x3cfe8 | 0x4a | data | Russian | Russia | 0.6486486486486487 |
| RT_STRING | 0x3d038 | 0x4a | data | | | 0.6486486486486487 |
| RT_STRING | 0x3d088 | 0x160 | data | English | United States | 0.32670454545454547 |
| RT_STRING | 0x3d1e8 | 0x5c | data | French | France | 0.5543478260869565 |
| RT_STRING | 0x3d248 | 0x5c | data | Portuguese | Brazil | 0.5543478260869565 |
| RT_STRING | 0x3d2a8 | 0x5c | data | Russian | Russia | 0.5543478260869565 |
| RT_STRING | 0x3d308 | 0x5c | data | | | 0.5543478260869565 |
| RT_STRING | 0x3d368 | 0x756 | data | English | United States | 0.3141640042598509 |
| RT_STRING | 0x3dac0 | 0x930 | data | French | France | 0.31079931972789115 |
| RT_STRING | 0x3e3f0 | 0x7ea | data | Portuguese | Brazil | 0.31638696939782823 |
| RT_STRING | 0x3ebe0 | 0x7ec | data | Russian | Russia | 0.34911242603550297 |
| RT_STRING | 0x3f3d0 | 0x84e | data | | | 0.3156161806208843 |
| RT_RCDATA | 0x3fc20 | 0x15 | ASCII text, with no line terminators | English | United States | 1.380952380952381 |
| RT_GROUP_ICON | 0x3fc38 | 0x4c | data | English | United States | 0.7894736842105263 |
| RT_VERSION | 0x3fc88 | 0x2f8 | data | English | United States | 0.4723684210526316 |
| RT_MANIFEST | 0x3ff80 | 0x437 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1019), with CRLF line terminators | English | United States | 0.5041705282669138 |

| DLL | Import |
|---|---|
| KERNEL32.dll | SetLastError, Sleep, GetFileSizeEx, WriteFile, SetEndOfFile, SetFilePointerEx, LocalFree, CloseHandle, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, EnumResourceNamesW, GetWindowsDirectoryW, CreateDirectoryW, CreateFileW, CreateThread, GetSystemTimeAsFileTime, GetNativeSystemInfo, lstrcatA, lstrlenA, GetVersionExA, GetCurrentProcess, GetExitCodeProcess, ResumeThread, ReleaseMutex, WaitForSingleObject, CreateMutexW, CreateProcessW, GetPrivateProfileIntW, GetPrivateProfileStringW, GetDiskFreeSpaceExW, CopyFileW, MoveFileExW, CreateHardLinkW, HeapAlloc, GetProcessHeap, HeapSetInformation, ExitProcess, IsProcessorFeaturePresent, lstrcpyW, GetModuleHandleW, GetSystemDirectoryW, SetDllDirectoryW, InterlockedExchange, LockResource, WriteConsoleW, FlushFileBuffers, GetConsoleMode, GetConsoleCP, SetStdHandle, LCMapStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, IsValidCodePage, FindNextFileW, FindFirstFileExW, GetLastError, HeapFree, InterlockedExchangeAdd, GetVersionExW, FindResourceW, LoadLibraryW, SizeofResource, LoadResource, GlobalFree, GlobalUnlock, GlobalLock, FindClose, GetFileType, GetStringTypeW, GlobalAlloc, FreeLibrary, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, LoadLibraryA, DecodePointer, GetVersion, HeapDestroy, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, DeviceIoControl, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, MultiByteToWideChar, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, TerminateProcess, OutputDebugStringW, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetCommandLineA, GetCommandLineW, GetStdHandle, GetModuleFileNameW, GetModuleHandleExW, GetACP, GetProcAddress |
| USER32.dll | GetMessageW, TranslateMessage, DispatchMessageW, SendMessageW, AllowSetForegroundWindow, PostMessageW, wsprintfA, LoadStringW, MessageBoxExW, wsprintfW, SystemParametersInfoW, IsDialogMessageW, LoadImageW, DestroyIcon, FindWindowW, FillRect, GetWindowRect, InvalidateRect, EndPaint, BeginPaint, ReleaseDC, GetDC, SetForegroundWindow, GetSystemMetrics, KillTimer, SetTimer, SetFocus, SetWindowPos, DestroyWindow, CreateWindowExW, RegisterClassExW, PostQuitMessage, DefWindowProcW |
| GDI32.dll | GetTextExtentPoint32W, GetObjectW, CreateDIBSection, SelectObject, CreateFontIndirectW, DeleteObject, CreateSolidBrush, CreatePatternBrush |
| ADVAPI32.dll | CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGenRandom, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextA, GetSidSubAuthorityCount, GetSidSubAuthority, IsValidSid, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorA |
| ole32.dll | CoCreateInstance, CreateStreamOnHGlobal, CoUninitialize, CoInitializeEx |
| COMCTL32.dll | |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
| French | France | |
| Portuguese | Brazil | |
| Russian | Russia | |

Timestamp                        SID      Signature                                                  Severity  Source IP    Source Port  Dest IP         Dest Port  Protocol
2024-11-17T04:01:23.102228+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  49711        34.117.223.223  443        TCP
2024-11-17T04:01:23.108550+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  49712        34.117.223.223  443        TCP
2024-11-17T04:01:24.411250+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  49713        34.117.223.223  443        TCP
2024-11-17T04:01:25.582621+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  49715        34.117.223.223  443        TCP
2024-11-17T04:01:26.078792+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  49716        34.160.176.28   443        TCP
2024-11-17T04:01:27.076964+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  49717        34.117.223.223  443        TCP
2024-11-17T04:02:00.735217+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  65090        34.160.176.28   443        TCP
2024-11-17T04:02:04.905276+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  65113        34.117.223.223  443        TCP
2024-11-17T04:02:06.708925+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  65125        34.111.24.1     443        TCP
2024-11-17T04:02:07.669740+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  65131        34.117.223.223  443        TCP
2024-11-17T04:03:04.054341+0100  2028371  ET JA3 Hash - Possible Malware - Fake Firefox Font Update  3         192.168.2.5  65201        34.117.223.223  443        TCP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                          Nov 17, 2024 04:01:26.716465950 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.720617056 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.720690012 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.720707893 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.720752001 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.720793009 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.720849037 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.720885038 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.720943928 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.720978975 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.721045971 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.721052885 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.721070051 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.721149921 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.721204042 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.721215010 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.721263885 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.721824884 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.721918106 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.721925020 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.721983910 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.722038031 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.722055912 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.722063065 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.722156048 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.722697973 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.722781897 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.722795010 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.722841978 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.722971916 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.722981930 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.723109007 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.723115921 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.723690987 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.723839998 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.735106945 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.735106945 CET49716443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:01:26.735131025 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:26.735143900 CET4434971634.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:27.076818943 CET4434971734.117.223.223192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:27.076963902 CET49717443192.168.2.534.117.223.223
                                                                                                                                                                          Nov 17, 2024 04:01:27.078634024 CET49717443192.168.2.534.117.223.223
                                                                                                                                                                          Nov 17, 2024 04:01:27.078658104 CET4434971734.117.223.223192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:27.079734087 CET4434971734.117.223.223192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:27.080615044 CET49717443192.168.2.534.117.223.223
                                                                                                                                                                          Nov 17, 2024 04:01:27.080646992 CET49717443192.168.2.534.117.223.223
                                                                                                                                                                          Nov 17, 2024 04:01:27.080656052 CET4434971734.117.223.223192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:27.242358923 CET4434971734.117.223.223192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:27.242738962 CET49717443192.168.2.534.117.223.223
                                                                                                                                                                          Nov 17, 2024 04:01:27.242738962 CET49717443192.168.2.534.117.223.223
                                                                                                                                                                          Nov 17, 2024 04:01:27.242995024 CET4434971734.117.223.223192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:27.243037939 CET4434971734.117.223.223192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:27.243093014 CET49717443192.168.2.534.117.223.223
                                                                                                                                                                          Nov 17, 2024 04:01:34.877091885 CET6494253192.168.2.51.1.1.1
                                                                                                                                                                          Nov 17, 2024 04:01:34.882013083 CET53649421.1.1.1192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:34.882210970 CET6494253192.168.2.51.1.1.1
                                                                                                                                                                          Nov 17, 2024 04:01:34.890856981 CET53649421.1.1.1192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:35.648094893 CET6494253192.168.2.51.1.1.1
                                                                                                                                                                          Nov 17, 2024 04:01:35.657651901 CET53649421.1.1.1192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:01:35.657740116 CET6494253192.168.2.51.1.1.1
                                                                                                                                                                          Nov 17, 2024 04:02:00.120791912 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:00.120820999 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:00.120893955 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:00.121989012 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:00.122004986 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:00.735150099 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:00.735217094 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:00.739686966 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:00.739700079 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:00.740000963 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:00.780734062 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:00.783503056 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:00.783652067 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:00.783749104 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.117434978 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.117516041 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.117537022 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.117558956 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.117647886 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.117688894 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.117697001 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.117739916 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.117763042 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.117921114 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.117975950 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.117980957 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.118163109 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.118215084 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.118220091 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.171504974 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.234525919 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.234705925 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.234793901 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.234797955 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.234824896 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.234966993 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.235018015 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.235025883 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.235065937 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.235090971 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.235480070 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.235569954 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.235620975 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.235626936 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.235677004 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.235795975 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.235960007 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.236042023 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.236094952 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.236100912 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.236150026 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.236154079 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.277928114 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.278006077 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.278011084 CET4436509034.160.176.28192.168.2.5
                                                                                                                                                                          Nov 17, 2024 04:02:01.327615976 CET65090443192.168.2.534.160.176.28
                                                                                                                                                                          Nov 17, 2024 04:02:01.327636957 CET4436509034.160.176.28192.168.2.5
Timestamp    Source Port    Dest Port    Source IP    Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                          Nov 17, 2024 04:01:55.277029991 CET192.168.2.58.8.8.80x8f44Standard query (0)s-iavs9x.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.277220011 CET192.168.2.58.8.8.80x3de5Standard query (0)w5805295.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.277812004 CET192.168.2.58.8.8.80x8f5aStandard query (0)w5805295.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.278156042 CET192.168.2.58.8.8.80x5eecStandard query (0)z4055813.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.278759956 CET192.168.2.58.8.8.80xa8a9Standard query (0)z4055813.iavs9x.u.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.364651918 CET192.168.2.58.8.8.80x465dStandard query (0)l7814800.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.365736961 CET192.168.2.58.8.8.80x604eStandard query (0)l7814800.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.366131067 CET192.168.2.58.8.8.80x529cStandard query (0)m0658849.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.367546082 CET192.168.2.58.8.8.80xe38eStandard query (0)m0658849.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.367937088 CET192.168.2.58.8.8.80xcd8dStandard query (0)r9319236.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.368666887 CET192.168.2.58.8.8.80x1c4bStandard query (0)r9319236.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.368920088 CET192.168.2.58.8.8.80xd439Standard query (0)s-iavs9x.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.369548082 CET192.168.2.58.8.8.80xdd62Standard query (0)s-iavs9x.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.370170116 CET192.168.2.58.8.8.80x779aStandard query (0)w5805295.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.371340036 CET192.168.2.58.8.8.80x4b09Standard query (0)w5805295.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.371692896 CET192.168.2.58.8.8.80xbfebStandard query (0)z4055813.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.373495102 CET192.168.2.58.8.8.80xc80Standard query (0)z4055813.iavs9x.u.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.657682896 CET192.168.2.58.8.8.80x22b3Standard query (0)b8003600.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.658430099 CET192.168.2.58.8.8.80x4edcStandard query (0)b8003600.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.658967972 CET192.168.2.58.8.8.80xd3f3Standard query (0)h4444966.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.659579992 CET192.168.2.58.8.8.80x7060Standard query (0)h4444966.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.659883022 CET192.168.2.58.8.8.80xa298Standard query (0)j0294597.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.660454035 CET192.168.2.58.8.8.80x71b7Standard query (0)j0294597.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.660752058 CET192.168.2.58.8.8.80x2625Standard query (0)s-vps18tiny.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.661530018 CET192.168.2.58.8.8.80x148fStandard query (0)s-vps18tiny.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.661912918 CET192.168.2.58.8.8.80x793aStandard query (0)y8002308.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.662573099 CET192.168.2.58.8.8.80xbcc7Standard query (0)y8002308.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.662931919 CET192.168.2.58.8.8.80xe00aStandard query (0)z4055813.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.663662910 CET192.168.2.58.8.8.80xd2e8Standard query (0)z4055813.vps18tiny.u.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.759423018 CET192.168.2.58.8.8.80x74e5Standard query (0)b8003600.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.760135889 CET192.168.2.58.8.8.80x5aStandard query (0)b8003600.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.760694027 CET192.168.2.58.8.8.80x8050Standard query (0)h4444966.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.761506081 CET192.168.2.58.8.8.80x9464Standard query (0)h4444966.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.762036085 CET192.168.2.58.8.8.80x68aeStandard query (0)j0294597.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.762924910 CET192.168.2.58.8.8.80xc38fStandard query (0)j0294597.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.763432980 CET192.168.2.58.8.8.80x3d33Standard query (0)s-vps18tiny.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.764182091 CET192.168.2.58.8.8.80x4595Standard query (0)s-vps18tiny.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.764864922 CET192.168.2.58.8.8.80xc7e2Standard query (0)y8002308.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.766825914 CET192.168.2.58.8.8.80x65dfStandard query (0)y8002308.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.769861937 CET192.168.2.58.8.8.80x6159Standard query (0)z4055813.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.770658970 CET192.168.2.58.8.8.80x2c4dStandard query (0)z4055813.vps18tiny.u.avcdn.net28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:00.087574005 CET192.168.2.51.1.1.10xb8e0Standard query (0)shepherd.ff.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.508344889 CET192.168.2.58.8.8.80x5be3Standard query (0)v7event.stats.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.509133101 CET192.168.2.58.8.8.80xe68dStandard query (0)v7event.stats.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.893935919 CET192.168.2.58.8.8.80x36ffStandard query (0)v7event.stats.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.894402981 CET192.168.2.58.8.8.80x2379Standard query (0)v7event.stats.avast.com28IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:04.302181005 CET192.168.2.51.1.1.10xb84fStandard query (0)v7event.stats.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:06.079647064 CET192.168.2.51.1.1.10x6ba7Standard query (0)ipm.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:06.088376999 CET192.168.2.51.1.1.10x24d2Standard query (0)ipm.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.025002956 CET192.168.2.51.1.1.10xe73aStandard query (0)analytics.ff.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.025273085 CET192.168.2.51.1.1.10x5426Standard query (0)ipmcdn.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.034745932 CET192.168.2.51.1.1.10x2622Standard query (0)analytics.ff.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.035463095 CET192.168.2.51.1.1.10xe2eeStandard query (0)ipmcdn.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:03:03.425276041 CET192.168.2.51.1.1.10xd284Standard query (0)analytics.avcdn.netA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                          Nov 17, 2024 04:01:55.287801981 CET8.8.8.8192.168.2.50xa8a9No error (0)z4055813.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.373964071 CET8.8.8.8192.168.2.50x465dNo error (0)l7814800.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.374201059 CET8.8.8.8192.168.2.50x604eNo error (0)l7814800.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.375524998 CET8.8.8.8192.168.2.50x529cNo error (0)m0658849.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.375557899 CET8.8.8.8192.168.2.50x1c4bNo error (0)r9319236.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.376202106 CET8.8.8.8192.168.2.50xe38eNo error (0)m0658849.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.376432896 CET8.8.8.8192.168.2.50xcd8dNo error (0)r9319236.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.377037048 CET8.8.8.8192.168.2.50x779aNo error (0)w5805295.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.378041983 CET8.8.8.8192.168.2.50x4b09No error (0)w5805295.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.378647089 CET8.8.8.8192.168.2.50xdd62No error (0)s-iavs9x.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.380279064 CET8.8.8.8192.168.2.50xbfebNo error (0)z4055813.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.380403996 CET8.8.8.8192.168.2.50xc80No error (0)z4055813.iavs9x.u.avast.comiavs9x4.u.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:55.384207964 CET8.8.8.8192.168.2.50xd439No error (0)s-iavs9x.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.667656898 CET8.8.8.8192.168.2.50x7060No error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.668767929 CET8.8.8.8192.168.2.50x71b7No error (0)j0294597.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.669044971 CET8.8.8.8192.168.2.50x4edcNo error (0)b8003600.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.669639111 CET8.8.8.8192.168.2.50x2625No error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.669872999 CET8.8.8.8192.168.2.50xd3f3No error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.670186043 CET8.8.8.8192.168.2.50x148fNo error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.671186924 CET8.8.8.8192.168.2.50xbcc7No error (0)y8002308.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.672379971 CET8.8.8.8192.168.2.50xe00aNo error (0)z4055813.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.673779964 CET8.8.8.8192.168.2.50x22b3No error (0)b8003600.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.674596071 CET8.8.8.8192.168.2.50xa298No error (0)j0294597.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.678261042 CET8.8.8.8192.168.2.50x793aNo error (0)y8002308.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.690016985 CET8.8.8.8192.168.2.50xd2e8No error (0)z4055813.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.769315958 CET8.8.8.8192.168.2.50x8050No error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.770098925 CET8.8.8.8192.168.2.50x74e5No error (0)b8003600.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.770172119 CET8.8.8.8192.168.2.50x9464No error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.770929098 CET8.8.8.8192.168.2.50x5aNo error (0)b8003600.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.771368980 CET8.8.8.8192.168.2.50xc38fNo error (0)j0294597.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.772558928 CET8.8.8.8192.168.2.50x4595No error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.775471926 CET8.8.8.8192.168.2.50x65dfNo error (0)y8002308.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.775547028 CET8.8.8.8192.168.2.50xc7e2No error (0)y8002308.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.776794910 CET8.8.8.8192.168.2.50x3d33No error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.778496981 CET8.8.8.8192.168.2.50x6159No error (0)z4055813.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.778635979 CET8.8.8.8192.168.2.50x68aeNo error (0)j0294597.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:01:56.785465956 CET8.8.8.8192.168.2.50x2c4dNo error (0)z4055813.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:00.096353054 CET1.1.1.1192.168.2.50xb8e0No error (0)shepherd.ff.avast.comshepherd-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.514924049 CET8.8.8.8192.168.2.50x5be3No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.514924049 CET8.8.8.8192.168.2.50x5be3No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.514924049 CET8.8.8.8192.168.2.50x5be3No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.515620947 CET8.8.8.8192.168.2.50xe68dNo error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.515620947 CET8.8.8.8192.168.2.50xe68dNo error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.515620947 CET8.8.8.8192.168.2.50xe68dNo error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.900609970 CET8.8.8.8192.168.2.50x36ffNo error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.900609970 CET8.8.8.8192.168.2.50x36ffNo error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.900844097 CET8.8.8.8192.168.2.50x2379No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:03.900844097 CET8.8.8.8192.168.2.50x2379No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:04.309386969 CET1.1.1.1192.168.2.50xb84fNo error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:04.309386969 CET1.1.1.1192.168.2.50xb84fNo error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:04.309386969 CET1.1.1.1192.168.2.50xb84fNo error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:06.086838961 CET1.1.1.1192.168.2.50x6ba7No error (0)ipm.avcdn.netipm-provider.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:06.086838961 CET1.1.1.1192.168.2.50x6ba7No error (0)ipm-provider.ff.avast.comipm-gcp-prod.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:06.086838961 CET1.1.1.1192.168.2.50x6ba7No error (0)ipm-gcp-prod.ff.avast.com34.111.24.1A (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:06.095681906 CET1.1.1.1192.168.2.50x24d2No error (0)ipm.avcdn.netipm-provider.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:06.095681906 CET1.1.1.1192.168.2.50x24d2No error (0)ipm-provider.ff.avast.comipm-gcp-prod.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:06.095681906 CET1.1.1.1192.168.2.50x24d2No error (0)ipm-gcp-prod.ff.avast.com34.111.24.1A (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.033044100 CET1.1.1.1192.168.2.50xe73aNo error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.033044100 CET1.1.1.1192.168.2.50xe73aNo error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.033554077 CET1.1.1.1192.168.2.50x5426No error (0)ipmcdn.avast.comipmcdn.avast.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.042071104 CET1.1.1.1192.168.2.50x2622No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.042071104 CET1.1.1.1192.168.2.50x2622No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:02:07.044112921 CET1.1.1.1192.168.2.50xe2eeNo error (0)ipmcdn.avast.comipmcdn.avast.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:03:03.434111118 CET1.1.1.1192.168.2.50xd284No error (0)analytics.avcdn.netanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:03:03.434111118 CET1.1.1.1192.168.2.50xd284No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                          Nov 17, 2024 04:03:03.434111118 CET1.1.1.1192.168.2.50xd284No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                          • v7event.stats.avast.com
                                                                                                                                                                          • analytics.avcdn.net
                                                                                                                                                                          • shepherd.ff.avast.com
                                                                                                                                                                          • ipm.avcdn.net
                                                                                                                                                                          • analytics.ff.avast.com
Session ID: 0
Source IP: 192.168.2.5
Source Port: 49705
Destination IP: 34.117.223.223
Destination Port: 80
PID: 6844
Process: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe

Timestamp | Bytes transferred | Direction | Data

Nov 17, 2024 04:01:13.258408070 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 267
Host: v7event.stats.avast.com

Nov 17, 2024 04:01:13.258408070 CET | 267 | OUT | Data Ascii:
cookie=mmm_ava_esg_000_361_m
edition=1
event=microstub-start
midex=1F2CCAD3812656C4930608337C4FB4A55D32CCB43B598F4F80072872839CDCD6
stat_session=b858270f-b963-4fb3-8da8-e6ad4a98c8f2
statsSendTime=1731812471
os=win,10,0,2,19045,0,AMD64
exe_vers

Nov 17, 2024 04:01:13.884944916 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:01:13 GMT
Via: 1.1 google

Nov 17, 2024 04:01:21.255726099 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 282
Host: v7event.stats.avast.com

Nov 17, 2024 04:01:21.255795956 CET | 282 | OUT | Data Ascii:
cookie=mmm_ava_esg_000_361_m
edition=1
event=microstub-download
midex=1F2CCAD3812656C4930608337C4FB4A55D32CCB43B598F4F80072872839CDCD6
stat_session=b858270f-b963-4fb3-8da8-e6ad4a98c8f2
statsSendTime=1731812509
os=win,10,0,2,19045,0,AMD64
exe_v

Nov 17, 2024 04:01:21.414294004 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:01:21 GMT
Via: 1.1 google


Session ID: 0
Source IP: 192.168.2.5
Source Port: 49711
Destination IP: 34.117.223.223
Destination Port: 443
PID: 3868
Process: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe

Timestamp | Bytes transferred | Direction | Data

2024-11-17 03:01:23 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: CpKkUpyrs6l88iz4KdcPbQ==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 392
Host: v7event.stats.avast.com
                                                                                                                                                                          2024-11-17 03:01:23 UTC392OUTData Raw: 53 66 78 43 72 65 61 74 65 64 3d 31 37 33 31 38 31 32 34 37 31 0a 53 66 78 4e 61 6d 65 3d 61 76 61 73 74 5f 66 72 65 65 5f 61 6e 74 69 76 69 72 75 73 5f 73 65 74 75 70 5f 6f 6e 6c 69 6e 65 5f 78 36 34 2e 65 78 65 0a 53 66 78 53 69 7a 65 3d 31 31 30 38 33 39 37 36 0a 53 66 78 56 65 72 73 69 6f 6e 3d 32 34 2e 31 31 2e 39 36 31 35 2e 30 0a 63 6f 6f 6b 69 65 3d 6d 6d 6d 5f 61 76 61 5f 65 73 67 5f 30 30 30 5f 33 36 31 5f 6d 0a 65 64 69 74 69 6f 6e 3d 31 0a 65 76 65 6e 74 3d 73 74 75 62 0a 67 75 69 64 3d 35 62 65 65 30 64 62 35 2d 31 34 30 62 2d 34 35 36 37 2d 61 38 32 61 2d 38 64 39 31 37 62 64 34 65 34 64 65 0a 6d 69 64 65 78 3d 31 66 32 63 63 61 64 33 38 31 32 36 35 36 63 34 39 33 30 36 30 38 33 33 37 63 34 66 62 34 61 35 35 64 33 32 63 63 62 34 33 62 35 39
                                                                                                                                                                          Data Ascii: SfxCreated=1731812471SfxName=avast_free_antivirus_setup_online_x64.exeSfxSize=11083976SfxVersion=24.11.9615.0cookie=mmm_ava_esg_000_361_medition=1event=stubguid=5bee0db5-140b-4567-a82a-8d917bd4e4demidex=1f2ccad3812656c4930608337c4fb4a55d32ccb43b59
                                                                                                                                                                          2024-11-17 03:01:23 UTC172INHTTP/1.1 204 No Content
                                                                                                                                                                          Server: nginx
                                                                                                                                                                          Date: Sun, 17 Nov 2024 03:01:23 GMT
                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49712 | 34.117.223.223 | 443 | 3868 | C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:01:23 UTC | 175 | OUT | POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 604
Host: analytics.avcdn.net
2024-11-17 03:01:23 UTC | 604 | OUT | Data Ascii: {"record":[{"event":{"subtype":1,"time":1731816627904,"type":70},"identity":{"guid":"5bee0db5-140b-4567-a82a-8d917bd4e4de","hwid":"1F2CCAD3812656C4930608337C4FB4A55D32CCB43B598F4F80072872839CDCD6"},"installation":{"aiid":"mmm_ava_esg_000_361_m"},"instup":
2024-11-17 03:01:23 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 17 Nov 2024 03:01:23 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-11-17 03:01:23 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49713 | 34.117.223.223 | 443 | 3868 | C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:01:24 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: CpKkUpyrs6l88iz4KdcPbQ==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 392
Host: v7event.stats.avast.com
2024-11-17 03:01:24 UTC | 392 | OUT | Data Ascii:
SfxCreated=1731812471
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=11083976
SfxVersion=24.11.9615.0
cookie=mmm_ava_esg_000_361_m
edition=1
event=stub
guid=5bee0db5-140b-4567-a82a-8d917bd4e4de
midex=1f2ccad3812656c4930608337c4fb4a55d32ccb43b59
2024-11-17 03:01:24 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:01:24 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49715 | 34.117.223.223 | 443 | 3868 | C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:01:25 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: CpKkUpyrs6l88iz4KdcPbQ==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 392
Host: v7event.stats.avast.com
2024-11-17 03:01:25 UTC | 392 | OUT | Data Ascii:
SfxCreated=1731812471
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=11083976
SfxVersion=24.11.9615.0
cookie=mmm_ava_esg_000_361_m
edition=1
event=stub
guid=5bee0db5-140b-4567-a82a-8d917bd4e4de
midex=1f2ccad3812656c4930608337c4fb4a55d32ccb43b59
2024-11-17 03:01:25 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:01:25 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49716 | 34.160.176.28 | 443 | 4196 | C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:01:26 UTC | 171 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.ff.avast.com
User-Agent: Avast Antivirus
Content-Length: 271
2024-11-17 03:01:26 UTC | 271 | OUT | Data Ascii: data=CAAQ%2F%2F%2F%2F%2Fw8Y%2F%2F%2F%2F%2Fw8g%2F%2F%2F%2F%2Fw8qFW1tbV9hdmFfZXNnXzAwMF8zNjFfbWICCgCIAQDKAyQ1YmVlMGRiNS0xNDBiLTQ1NjctYTgyYS04ZDkxN2JkNGU0ZGXyAwQ4MTkxgglAMUYyQ0NBRDM4MTI2NTZDNDkzMDYwODMzN0M0RkI0QTU1RDMyQ0NCNDNCNTk4RjRGODAwNzI4NzI4MzlDRENENtoT
2024-11-17 03:01:26 UTC | 1679 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 17 Nov 2024 03:01:26 GMT
Content-Type: text/plain
Content-Length: 34405
AB-Tests: 49afa038-20e4-4cff-b058-f7c69b5a850d:A,Indruch_SS_4Thursdays_fake:d,av-32836-v2-fake:b,av-39646-v2-fake:a,oa-7466-v0:c
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 5
Config-Name: Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_not-avast-one_version-18.6-and-higher_production_product-version-older-than-24.4_quic-sni-block-release-stage-2_v2017_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_ispublicrelease_versions-older-than-24.6_usa_ipm_6513_open_ui_a_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-9f4def122112ec25bfe98e9c5b47780e4330caf2e810e507ae27d0ec074d08b0
Config-Version: 5198
Segments: websocket testing,ipm_6363_chrome_offer_setup_free,free,production new installs,not avast one,version 18.6 and higher,production,product version older than 24.4,quic sni block release stage 2,v2017,noomnianda1,phone support tile,avast 18 r7 and 18 r8,fs and idp integration,cef settings off,opening browser onboarding,old smartscan,ispublicrelease,versions older than 24.6,usa,ipm_6513_open_ui_a,test akamai,test pam no master password,v18.5 and higher,cleanup premium installation,release - iavs9x only,version 19.1 and older
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-11-17 03:01:26 UTC | 1679 | IN | Data Ascii:
[RemoteAccessShield.Setting]
BruteForceMaxAttemptsPerDay=60
BruteForceMaxAttemptsPerHour=40
BruteForceMaxAttemptsPerMinute=30
BruteForceMaxAttemptsPerTenSeconds=12
[BreachGuard]
Enabled=0
[WebShield.WebSocket]
Enabled=1
[Settings.UserInterface]
                                                                                                                                                                          Data Ascii: PcHRpb24iOnsibm90aWZ5TGltaXRlcklEIjoiZXhwaXJhdGlvbiIsImF1dG9JbmNyZW1lbnRNc2dTaG93biI6dHJ1ZSwicmVwZWF0ZXIiOnsidGltZVRvTGl2ZUFjdGl2ZU1zZyI6MzYwLCJ0cnlBZ2FpbkFmdGVyIjozMDB9fX0sInVybCI6eyJwYXJhbXMiOlt7Im5hbWUiOiJhY3Rpb24iLCJ2YWx1ZSI6MX1dLCJldmFsdWF0ZVBhcmFtcy
Timestamp: 2024-11-17 03:01:26 UTC
Bytes transferred: 1679
Direction: IN
Data Ascii:
ePerformance_Enabled=0
GameRule_NoAvastInterruptions_Enabled=1
GameRule_PauseAllUpdateTasks_Enabled=1
GameRule_PauseAvBackgroundTasks_Enabled=1
GameRule_PauseSystemBackgroundTasks_Enabled=1
GameRule_PauseWindowsUpdate_Enabled=1
GameRule_SetCpuLimit_

Timestamp: 2024-11-17 03:01:26 UTC
Bytes transferred: 1679
Direction: IN
Data Ascii:
_SCAN_BACKEND_URL_V6=https://outside-scanner-v6.ff.avast.com/v2/inspection
OUTSIDE_SCAN_ESSENTIAL_PROBES={"probes":[{"port":21,"type":"tcp_connect"},{"port":22,"type":"tcp_connect"},{"port":23,"type":"telnet"},{"port":80,"type":"http"},{"port":135,"type"

Timestamp: 2024-11-17 03:01:26 UTC
Bytes transferred: 1679
Direction: IN
Data Ascii:
bc_sta,bc_tsd,bc_tre,bc_typ,p_clv,p_ccss,p_bchpam,p_bchsp,p_cuacage,p_cbn,p_cmru,p_ciss,p_cufl,p_crid,p_coin,p_iid,p_idw,p_tva,p_dbts,p_dbtu,p_trllo,p_dle,p_dslp,p_vpnlo,p_sbl,t_limits,p_dndm,p_dnds,p_dhs,p_dhy,p_dwn,p_dws,p_dosd,p_doy,p_dusd,p_duy,p_duac


Session ID: 5
Source IP: 192.168.2.5
Source Port: 49717
Destination IP: 34.117.223.223
Destination Port: 443
PID: 3868
Process: C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe

Timestamp: 2024-11-17 03:01:27 UTC
Bytes transferred: 217
Direction: OUT
Data:
POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: CpKkUpyrs6l88iz4KdcPbQ==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 392
Host: v7event.stats.avast.com

Timestamp: 2024-11-17 03:01:27 UTC
Bytes transferred: 392
Direction: OUT
Data Ascii:
SfxCreated=1731812471
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=11083976
SfxVersion=24.11.9615.0
cookie=mmm_ava_esg_000_361_m
edition=1
event=stub
guid=5bee0db5-140b-4567-a82a-8d917bd4e4de
midex=1f2ccad3812656c4930608337c4fb4a55d32ccb43b59

Timestamp: 2024-11-17 03:01:27 UTC
Bytes transferred: 172
Direction: IN
Data:
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:01:27 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID: 6
Source IP: 192.168.2.5
Source Port: 65090
Destination IP: 34.160.176.28
Destination Port: 443
PID: 6564
Process: C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe

Timestamp: 2024-11-17 03:02:00 UTC
Bytes transferred: 171
Direction: OUT
Data:
POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.ff.avast.com
User-Agent: Avast Antivirus
Content-Length: 223

Timestamp: 2024-11-17 03:02:00 UTC
Bytes transferred: 223
Direction: OUT
Data Ascii:
data=CAAQGBgLIPkvKhVtbW1fYXZhX2VzZ18wMDBfMzYxX21iAgoAiAEAygMkNWJlZTBkYjUtMTQwYi00NTY3LWE4MmEtOGQ5MTdiZDRlNGRl8gMEODE5MYIJQDFGMkNDQUQzODEyNjU2QzQ5MzA2MDgzMzdDNEZCNEE1NUQzMkNDQjQzQjU5OEY0RjgwMDcyODcyODM5Q0RDRDbaEwZpYXZzOXg%3D

Timestamp: 2024-11-17 03:02:01 UTC
Bytes transferred: 3452
Direction: IN
Data:
HTTP/1.1 200 OK
                                                                                                                                                                          Server: nginx
                                                                                                                                                                          Date: Sun, 17 Nov 2024 03:02:01 GMT
                                                                                                                                                                          Content-Type: text/plain
                                                                                                                                                                          Content-Length: 38307
                                                                                                                                                                          AB-Tests: 19fa92d7-cec3-489b-9f86-f88a9780902e:A,49afa038-20e4-4cff-b058-f7c69b5a850d:A,AV-32666-v1-fake:b,Indruch_SS_4Thursdays_fake:d,av-32836-v2-fake:b,av-39646-v2-fake:a,f269135a-abf6-41df-a90a-13b411c26efa:A,ipmb-12910-v1:a,oa-7466-v0:c
                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                          Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                                          Config-Id: 5
                                                                                                                                                                          Config-Name: Avast-Windows-AV-Consumer_websocket-testing_email-signatures_opswatenabled_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_not-avast-one_version-18.6-and-higher_icarus-migration-free-release_production_webshield.quic.block---fraction-test-setup_quic-sni-block-release-stage-2_quic-read-mode-release_quic-on_emailscanner-ignored-processes_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_free-onboarding_avast-forrelease-24.4_noomnianda1_aosstorelink_enableddwm_enablehns3_phone-support-tile_avast-forrelease-24.11-blatnyonly_version-20.1-plus_fs-and-idp-integration_cef-91_v19.1-and-higher-on_opening-browser-onboarding_smartscan-free---antivirus---win [TRUNCATED]
                                                                                                                                                                          Config-Version: 5198
                                                                                                                                                                          Segments: websocket testing,email signatures,opswatenabled,ipm_6363_chrome_offer_setup_free,asb and chrome since 21.2,version 23.2 and higher not in fr de,free,production new installs,disabled aos sideloading,web purchase - autoactivation,webshield tls processes - release,v19.1 and higher free,ipm_4932_opm_pus_fullscale,not avast one,version 18.6 and higher,icarus migration free release,production,webshield.quic.block - fraction test setup,quic sni block release stage 2,quic read mode release,quic on,emailscanner ignored processes,previous version,ipm bau v23.1 and higher,version 20.5 and higher,useopenidwebauth,v2017,globalflags - streamproduction ,devicewatcheron,version 20.9 and higher,pups in avast rollout,winre bts,free onboarding,avast forrelease 24.4,noomnianda1,aosstorelink,enableddwm,enablehns3,phone support tile,avast forrelease 24.11 blatnyonly,version 20.1 plus,fs and idp integration,cef 91,v19.1 and higher on,opening browser onboarding,smartscan free - antivirus - win10,ispublicrelease,opm_burger [TRUNCATED]
                                                                                                                                                                          TTL: 86400
                                                                                                                                                                          TTL-Spread: 43200
                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                          Alt-Svc: clear
                                                                                                                                                                          Connection: close

Timestamp: 2024-11-17 03:02:01 UTC
Bytes transferred: 672
Direction: IN
Data Ascii:
[RemoteAccessShield.Setting]
BruteForceMaxAttemptsPerDay=60
BruteForceMaxAttemptsPerHour=40
BruteForceMaxAttemptsPerMinute=30
BruteForceMaxAttemptsPerTenSeconds=12
[BreachGuard]
Enabled=0
[WebShield.WebSocket]
Enabled=1
[Settings.UserInterface]

Timestamp: 2024-11-17 03:02:01 UTC
Bytes transferred: 1378
Direction: IN
Data Ascii:
ShowInIntro=1
[SecureBrowser]
UupdateInstall=0
[Symternals]
SubmitGeneration=2022-03-02
UnseenExesSubmit=2
[FileSystemShield.FileSystem]
EngineLdrModuleFlags=24
[PerfReporting]
AvastProcessesWprCaptureInterval=0
[Components]
ais_cmp_fw=2
ais

Timestamp: 2024-11-17 03:02:01 UTC
Bytes transferred: 1378
Direction: IN
Data Ascii:
er.exe;firefox.exe;msedge.exe;CCleanerBrowser.exe;qqbrowser.exe;browser.exe;UCBrowser.exe;spark.exe;Maxthon.exe;vivaldi.exe;brave.exe;SogouExplorer.exe;NortonBrowser.exe;AviraBrowser.exe
TlsProcessesList=powershell.exe;cscript.exe;wscript.exe;mshta.exe;m


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 65113 | 34.117.223.223 | 443 | 6564 | C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:02:04 UTC | 175 | OUT | POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 493
Host: analytics.avcdn.net
2024-11-17 03:02:04 UTC | 493 | OUT | Data Ascii: {"record":[{"event":{"subtype":2,"time":1731816729587,"type":70},"identity":{"guid":"5bee0db5-140b-4567-a82a-8d917bd4e4de","hwid":"1F2CCAD3812656C4930608337C4FB4A55D32CCB43B598F4F80072872839CDCD6"},"installation":{"aiid":"mmm_ava_esg_000_361_m"},"instup":
2024-11-17 03:02:05 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 17 Nov 2024 03:02:05 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-11-17 03:02:05 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 65114 | 34.117.223.223 | 443 | 6564 | C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:02:04 UTC | 202 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Host: v7event.stats.avast.com
User-Agent: avast! Antivirus
Accept: */*
Content-MD5: tkPzQJcGzHevAiNCmA/xuw==
Content-Type: iavs4/stats
Content-Length: 327
2024-11-17 03:02:04 UTC | 327 | OUT | Data Ascii: InstupVersion=24.11.9615.0cookie=mmm_ava_esg_000_361_medition=1event=install_introguid=5bee0db5-140b-4567-a82a-8d917bd4e4demidex=1f2ccad3812656c4930608337c4fb4a55d32ccb43b598f4f80072872839cdcd6operation=2os=win,10,0,2,19045,0,AMD64stat_session=b85
2024-11-17 03:02:05 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:02:05 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 65125 | 34.111.24.1 | 443 | 6564 | C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:02:06 UTC | 597 | OUT | GET /?action=1&p_elm=76&p_pro=0&p_osv=10.0&p_cpua=x64&p_lid=en-ch&repoid=iavs9x&p_lan=8192&p_lng=en&p_vep=24&p_ves=11&p_vbd=6137&p_cnm=530978&p_hid=5bee0db5-140b-4567-a82a-8d917bd4e4de&p_bld=mmm_ava_esg_000_361_m&p_adp=0000&p_midex=1F2CCAD3812656C4930608337C4FB4A55D32CCB43B598F4F80072872839CDCD6&p_chs=5&p_chr=2&p_gccc=2&p_scr=intro&p_sbi=0&p_ram=8191&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
Host: ipm.avcdn.net
2024-11-17 03:02:06 UTC | 1459 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 17 Nov 2024 03:02:06 GMT
Content-Type: text/html
Content-Length: 19780
IPM-Asset-URL--266817469: https://ipmcdn.avast.com/images/banner/img_secure-browser-v2.png
IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Identifier: fa/en-ww/setup-avast-offer_nitro-secure-browser_variant-a.html
ETag: W/d3fc5bfb
Set-Cookie: ViewCounter_ipm-10553-browser-offer-shared=1731812526; Max-Age=1728000; Expires=Sat, 07 Dec 2024 03:02:06 GMT; Secure; SameSite=None
Set-Cookie: ScreenName_76=fa/en-ww/setup-avast-offer_nitro-secure-browser_variant-a.html; Max-Age=3888000; Expires=Wed, 01 Jan 2025 03:02:06 GMT; Secure; SameSite=None
Set-Cookie: ClientId=942c5b29-7de7-4058-a7bb-91e5aaf18483; Max-Age=63072000; Expires=Tue, 17 Nov 2026 03:02:06 GMT; Secure; SameSite=None
Set-Cookie: ViewCounter_ipm-10553-browser-offer-shared=1731812526; Max-Age=1728000; Expires=Sat, 07 Dec 2024 03:02:06 GMT; Secure; SameSite=None
Set-Cookie: ScreenName_76=fa/en-ww/setup-avast-offer_nitro-secure-browser_variant-a.html; Max-Age=3888000; Expires=Wed, 01 Jan 2025 03:02:06 GMT; Secure; SameSite=None
Set-Cookie: ClientId=942c5b29-7de7-4058-a7bb-91e5aaf18483; Max-Age=63072000; Expires=Tue, 17 Nov 2026 03:02:06 GMT; Secure; SameSite=None
Via: 1.1 google
Alt-Svc: clear
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 65131 | 34.117.223.223 | 443 | 6564 | C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:02:07 UTC | 1751 | OUT | GET /v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%2282822f3e-5208-46e6-8e83-1f6bb8597950%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%225bee0db5-140b-4567-a82a-8d917bd4e4de%22%2C%22hwid%22%3A%221F2CCAD3812656C4930608337C4FB4A55D32CCB43B598F4F80072872839CDCD6%22%7D%2C%22product%22%3A%7B%22id%22%3A1%2C%22edition%22%3A1%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%2224.11.6137.mmm_ava_esg_000_361_m%22%2C%22build%22%3A6137%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%2282822f3e-5208-46e6-8e83-1f6bb8597950%22%7D%2C%22con [TRUNCATED]
                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                          Accept: */*
                                                                                                                                                                          User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
                                                                                                                                                                          Host: analytics.ff.avast.com
2024-11-17 03:02:07 UTC | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                          Server: nginx
                                                                                                                                                                          Date: Sun, 17 Nov 2024 03:02:07 GMT
                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                          Content-Length: 19
                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                          Connection: close
2024-11-17 03:02:07 UTC | 19 | IN | Data Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d
                                                                                                                                                                          Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 65201 | 34.117.223.223 | 443 | 6564 | C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:03:04 UTC | 188 | OUT | POST /receive3 HTTP/1.1
                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                          Content-Type: application/x-enc-sb
                                                                                                                                                                          Content-Encoding: gzip
                                                                                                                                                                          User-Agent: Avast Antivirus
                                                                                                                                                                          Content-Length: 560
                                                                                                                                                                          Host: analytics.avcdn.net
2024-11-17 03:03:04 UTC | 255 | IN | HTTP/1.1 200 OK
                                                                                                                                                                          Server: nginx
                                                                                                                                                                          Date: Sun, 17 Nov 2024 03:03:04 GMT
                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                          Content-Length: 24
                                                                                                                                                                          X-ASW-Receiver-Ack: processed
                                                                                                                                                                          Via: 1.1 google
                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                          Connection: close
2024-11-17 03:03:04 UTC | 24 | IN | Data Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                          Data Ascii: Receiver-Ack: processed


                                                                                                                                                                          Target ID:0
                                                                                                                                                                          Start time:22:01:11
                                                                                                                                                                          Start date:16/11/2024
                                                                                                                                                                          Path:C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe"
                                                                                                                                                                          Imagebase:0x190000
                                                                                                                                                                          File size:263'520 bytes
                                                                                                                                                                          MD5 hash:3DF8662A0A6E5D44DDA952B703CA3415
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:2
                                                                                                                                                                          Start time:22:01:19
                                                                                                                                                                          Start date:16/11/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.bcf0ed0195a4896f\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f
                                                                                                                                                                          Imagebase:0x7ff7c79f0000
                                                                                                                                                                          File size:11'083'976 bytes
                                                                                                                                                                          MD5 hash:5602827611566F03E75534E544049184
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:4
                                                                                                                                                                          Start time:22:01:23
                                                                                                                                                                          Start date:16/11/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw.8b2d18aeb335a9b4\Instup.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.8b2d18aeb335a9b4\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f
                                                                                                                                                                          Imagebase:0x7ff62e1b0000
                                                                                                                                                                          File size:3'845'976 bytes
                                                                                                                                                                          MD5 hash:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:7
                                                                                                                                                                          Start time:22:01:53
                                                                                                                                                                          Start date:16/11/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe
                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.8b2d18aeb335a9b4 /edition:1 /prod:ais /stub_context:efd62148-629f-4d50-bab4-52ce1f406be3:11083976 /guid:5bee0db5-140b-4567-a82a-8d917bd4e4de /ga_clientid:b858270f-b963-4fb3-8da8-e6ad4a98c8f2 /cookie:mmm_ava_esg_000_361_m /edat_dir:C:\Windows\Temp\asw.bcf0ed0195a4896f /online_installer
                                                                                                                                                                          Imagebase:0x7ff7cedd0000
                                                                                                                                                                          File size:3'845'976 bytes
                                                                                                                                                                          MD5 hash:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:false

                                                                                                                                                                          Target ID:8
                                                                                                                                                                          Start time:22:02:03
                                                                                                                                                                          Start date:16/11/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" -checkGToolbar -elevated
                                                                                                                                                                          Imagebase:0xe90000
                                                                                                                                                                          File size:2'494'808 bytes
                                                                                                                                                                          MD5 hash:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:9
                                                                                                                                                                          Start time:22:02:03
                                                                                                                                                                          Start date:16/11/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" /check_secure_browser
                                                                                                                                                                          Imagebase:0xe90000
                                                                                                                                                                          File size:2'494'808 bytes
                                                                                                                                                                          MD5 hash:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:10
                                                                                                                                                                          Start time:22:02:03
                                                                                                                                                                          Start date:16/11/2024
                                                                                                                                                                          Path:C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Windows\Temp\asw.8b2d18aeb335a9b4\New_180b17f9\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
                                                                                                                                                                          Imagebase:0xe90000
                                                                                                                                                                          File size:2'494'808 bytes
                                                                                                                                                                          MD5 hash:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                          Target ID:12
                                                                                                                                                                          Start time:22:02:04
                                                                                                                                                                          Start date:16/11/2024
                                                                                                                                                                          Path:C:\Users\Public\Documents\aswOfferTool.exe
                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                          Commandline:"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
                                                                                                                                                                          Imagebase:0x5d0000
                                                                                                                                                                          File size:2'494'808 bytes
                                                                                                                                                                          MD5 hash:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                          Reputation:low
                                                                                                                                                                          Has exited:true

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:11%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                            Signature Coverage:11.5%
                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                            Total number of Limit Nodes:28
15537->15535 15539 1938b3 15538->15539 15540->15532 15540->15541 15541->15531 15543 198049 GetLastError 15542->15543 15544 19800e 15542->15544 15837 197da0 15543->15837 15545 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15544->15545 15547 1954cb 15545->15547 15547->14807 15547->14808 15549 1a203a __CxxThrowException@8 RaiseException 15550 198071 15549->15550 15552 197eba GetTokenInformation 15551->15552 15553 197f73 GetLastError 15551->15553 15842 1a0ce3 15552->15842 15554 197da0 27 API calls 15553->15554 15556 197f87 15554->15556 15560 1a203a __CxxThrowException@8 RaiseException 15556->15560 15559 197f95 GetLastError 15563 197da0 27 API calls 15559->15563 15560->15559 15562 197fb7 GetLastError 15566 197da0 27 API calls 15562->15566 15565 197fa9 15563->15565 15569 1a203a __CxxThrowException@8 RaiseException 15565->15569 15567 197fcb 15566->15567 15570 1a203a __CxxThrowException@8 RaiseException 15567->15570 15569->15562 15572 197fd9 15570->15572 15575 1980bf GetCurrentProcess 15574->15575 15576 1980ae 15574->15576 15579 1980e0 15575->15579 15577 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15576->15577 15578 1980bb 15577->15578 15578->14812 15580 198101 GetLastError 15579->15580 15581 1980e6 15579->15581 15582 197da0 27 API calls 15580->15582 15583 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15581->15583 15585 198115 15582->15585 15584 1980fd 15583->15584 15584->14812 15586 1a203a __CxxThrowException@8 RaiseException 15585->15586 15587 198123 15586->15587 15589 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15588->15589 15590 193b68 CreateMutexW 15589->15590 15590->14823 15590->14824 15843 19b0e0 15591->15843 15680 1911c2 SetForegroundWindow 15679->15680 15681 1911cd 15679->15681 15680->15681 15681->14825 15681->14853 15740 194009 15739->15740 15741 194013 15739->15741 16900 1a4f49 15740->16900 15741->14902 15744 1a5090 26 API calls 15743->15744 15745 
194813 15744->15745 15745->14934 15747 194188 15746->15747 15748 1941a6 15746->15748 15747->15748 15749 194199 Sleep 15747->15749 15748->14873 15749->15747 15749->15748 15756 192d47 15755->15756 15760 192be0 15755->15760 15782 193c00 15756->15782 15759 192c1a 15772 1a0bcf 15759->15772 15760->15759 15761 192c4e 15760->15761 15763 1a0bcf 22 API calls 15761->15763 15765 192c38 15761->15765 15763->15765 15764 1a4650 26 API calls 15764->15756 15765->15764 15765->15765 15766 192d15 15765->15766 15766->15523 15827 1a05bd 15767->15827 15775 1a0bd4 15772->15775 15774 1a0bee 15774->15765 15775->15774 15776 1a7f33 _abort 7 API calls 15775->15776 15778 1a0bf0 15775->15778 15789 1a5196 15775->15789 15776->15775 15777 1a151f 15779 1a203a __CxxThrowException@8 RaiseException 15777->15779 15778->15777 15798 1a203a 15778->15798 15780 1a153c 15779->15780 15801 1a059d 15782->15801 15790 1a8e23 15789->15790 15791 1a8e61 15790->15791 15793 1a8e4c HeapAlloc 15790->15793 15796 1a8e35 _abort 15790->15796 15792 1a517e _free 20 API calls 15791->15792 15795 1a8e66 15792->15795 15794 1a8e5f 15793->15794 15793->15796 15794->15795 15795->15775 15796->15791 15796->15793 15797 1a7f33 _abort 7 API calls 15796->15797 15797->15796 15800 1a205a RaiseException 15798->15800 15800->15777 15806 1a04eb 15801->15806 15804 1a203a __CxxThrowException@8 RaiseException 15805 1a05bc 15804->15805 15809 1a0493 15806->15809 15812 1a2a76 15809->15812 15811 1a04bf 15811->15804 15813 1a2ab0 15812->15813 15814 1a2a83 15812->15814 15813->15811 15814->15813 15815 1a5196 ___std_exception_copy 21 API calls 15814->15815 15816 1a2aa0 15815->15816 15816->15813 15818 1a85fe 15816->15818 15819 1a860b 15818->15819 15820 1a8619 15818->15820 15819->15820 15825 1a8630 15819->15825 15821 1a517e _free 20 API calls 15820->15821 15822 1a8621 15821->15822 15823 1a4640 __mbsinc 26 API calls 15822->15823 15824 1a862b 15823->15824 15824->15813 15825->15824 15826 1a517e _free 20 API calls 15825->15826 15826->15822 15834 1a054b 15827->15834 
15830 1a203a __CxxThrowException@8 RaiseException 15831 1a05dc 15830->15831 15832 197ae6 ___delayLoadHelper2@8 17 API calls 15831->15832 15833 1a05f4 15832->15833 15835 1a0493 std::exception::exception 27 API calls 15834->15835 15836 1a055d 15835->15836 15836->15830 15838 1a2a76 ___std_exception_copy 27 API calls 15837->15838 15839 197ddd 15838->15839 15840 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15839->15840 15841 197df9 15840->15841 15841->15549 15928 19b780 15843->15928 15846 19b12c 15852 19b780 39 API calls 15846->15852 15847 19b741 16153 199da0 15847->16153 15849 19b74b 15850 199da0 RaiseException 15849->15850 15851 19b755 15850->15851 15853 199da0 RaiseException 15851->15853 15854 19b152 15852->15854 15855 19b75f 15853->15855 15854->15849 15856 19b15c 15854->15856 15857 199da0 RaiseException 15855->15857 15863 19b780 39 API calls 15856->15863 15858 19b769 15857->15858 15859 199da0 RaiseException 15858->15859 15860 19b773 15859->15860 15861 1a4650 26 API calls 15860->15861 15862 19b778 15861->15862 15864 1a4650 26 API calls 15862->15864 15865 19b182 15863->15865 15866 19b77d 15864->15866 15865->15851 15867 19b18c 15865->15867 15868 19b780 39 API calls 15867->15868 15869 19b1b2 15868->15869 15869->15855 15870 19b1bc 15869->15870 15943 199530 15870->15943 15872 19b1f2 15873 19b780 39 API calls 15872->15873 15874 19b20a 15873->15874 15874->15858 15875 19b214 15874->15875 16014 198dc0 15875->16014 15877 19b24f 16032 199450 CryptCreateHash 15877->16032 15880 198dc0 35 API calls 15881 19b287 15880->15881 15882 199450 31 API calls 15881->15882 15883 19b2a5 15882->15883 16043 19c500 15883->16043 15929 19b7b1 15928->15929 15940 19b79d 15928->15940 16157 1a0aca EnterCriticalSection 15929->16157 15931 19b7bb 15933 19b7c7 GetProcessHeap 15931->15933 15931->15940 15932 1a0aca 5 API calls 15935 19b81b 15932->15935 16162 1a0f59 15933->16162 15937 1a0f59 29 API calls 15935->15937 15942 19b122 15935->15942 15939 19b874 15937->15939 15941 
1a0a80 4 API calls 15939->15941 15940->15932 15940->15942 15941->15942 15942->15846 15942->15847 15944 19b780 39 API calls 15943->15944 15945 199566 15944->15945 15946 19981a 15945->15946 15947 199571 15945->15947 15948 199da0 RaiseException 15946->15948 15953 19b780 39 API calls 15947->15953 15949 199824 15948->15949 15950 199da0 RaiseException 15949->15950 15951 19982e 15950->15951 15952 199da0 RaiseException 15951->15952 15954 199838 15952->15954 15955 199595 15953->15955 15956 199da0 RaiseException 15954->15956 15955->15949 15957 1995a0 15955->15957 15958 199842 15956->15958 15963 19b780 39 API calls 15957->15963 15959 199da0 RaiseException 15958->15959 15960 19984c 15959->15960 15961 199da0 RaiseException 15960->15961 15962 199856 15961->15962 15964 199da0 RaiseException 15962->15964 15965 1995c4 15963->15965 15966 199860 15964->15966 15965->15951 15967 1995cf 15965->15967 15968 199da0 RaiseException 15966->15968 15973 19b780 39 API calls 15967->15973 15969 19986a 15968->15969 15970 199da0 RaiseException 15969->15970 15971 199874 15970->15971 15972 199da0 RaiseException 15971->15972 15974 19987e 15972->15974 15975 1995f3 15973->15975 15976 199da0 RaiseException 15974->15976 15975->15954 15977 1995fe 15975->15977 15978 199888 15976->15978 15983 19b780 39 API calls 15977->15983 15979 199da0 RaiseException 15978->15979 15980 199892 15979->15980 15981 199da0 RaiseException 15980->15981 15982 1997c9 15981->15982 15984 199da0 RaiseException 15982->15984 16013 1997d4 15982->16013 15985 199622 15983->15985 15986 1998a6 15984->15986 15985->15958 15987 19962d 15985->15987 15986->15872 15988 19b780 39 API calls 15987->15988 15989 199651 15988->15989 15989->15960 15990 19965c 15989->15990 15991 19b780 39 API calls 15990->15991 15992 199680 15991->15992 15992->15962 15993 19968b 15992->15993 15994 19b780 39 API calls 15993->15994 15995 1996af 15994->15995 15995->15966 15996 1996ba 15995->15996 15997 19b780 39 API calls 15996->15997 15998 1996de 15997->15998 15998->15969 
15999 1996e9 15998->15999 16000 19b780 39 API calls 15999->16000 16001 19970d 16000->16001 16001->15971 16002 199718 16001->16002 16003 19b780 39 API calls 16002->16003 16004 19973c 16003->16004 16004->15974 16005 199747 16004->16005 16006 19b780 39 API calls 16005->16006 16007 19976b 16006->16007 16007->15978 16008 199776 16007->16008 16009 19b780 39 API calls 16008->16009 16010 19979a 16009->16010 16010->15980 16011 1997a5 16010->16011 16012 19b780 39 API calls 16011->16012 16012->15982 16013->15872 16015 198e3e ___scrt_fastfail 16014->16015 16016 197fe0 30 API calls 16015->16016 16017 198e46 16016->16017 16018 198e4d lstrcatA 16017->16018 16019 198e5c CryptAcquireContextA 16017->16019 16018->16019 16020 198ea7 GetLastError 16019->16020 16021 198e77 16019->16021 16022 197da0 27 API calls 16020->16022 16023 198e8b 16021->16023 16024 198e82 CryptReleaseContext 16021->16024 16025 198ebe 16022->16025 16026 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16023->16026 16024->16023 16027 1a203a __CxxThrowException@8 RaiseException 16025->16027 16028 198ea3 16026->16028 16029 198ecf 16027->16029 16028->15877 16030 198edf 16029->16030 16031 198ed6 CryptReleaseContext 16029->16031 16030->15877 16031->16030 16033 19947a 16032->16033 16034 19949f GetLastError 16032->16034 16035 199488 CryptDestroyHash 16033->16035 16036 19948f 16033->16036 16037 197da0 27 API calls 16034->16037 16035->16036 16038 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16036->16038 16039 1994b3 16037->16039 16040 199499 16038->16040 16041 1a203a __CxxThrowException@8 RaiseException 16039->16041 16040->15880 16042 1994c1 16041->16042 16044 19b780 39 API calls 16043->16044 16045 19c53d 16044->16045 16046 19c88c 16045->16046 16047 19c547 16045->16047 16048 199da0 RaiseException 16046->16048 16053 19b780 39 API calls 16047->16053 16049 19c896 16048->16049 16050 199da0 RaiseException 16049->16050 16051 19c8a0 16050->16051 16052 199da0 RaiseException 
16051->16052 16054 19c8aa 16052->16054 16055 19c56a 16053->16055 16056 199da0 RaiseException 16054->16056 16055->16049 16057 19c574 16055->16057 16058 19c8b4 16056->16058 16059 19b780 39 API calls 16057->16059 16060 19c594 16059->16060 16060->16051 16062 19c59e 16060->16062 16061 19c5f7 GetSystemDirectoryW 16064 19c607 GetLastError 16061->16064 16066 19c614 16061->16066 16062->16061 16209 19c920 16062->16209 16064->16066 16066->16054 16067 19c677 GetVolumePathNameW 16066->16067 16068 19c920 RaiseException 16066->16068 16071 19c7fd 16066->16071 16069 19c688 GetLastError 16067->16069 16075 19c693 16067->16075 16070 19c671 16068->16070 16069->16075 16070->16067 16072 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16071->16072 16073 19b3f1 16072->16073 16089 19a100 16073->16089 16074 19c6e5 GetVolumeNameForVolumeMountPointW 16076 19c6f6 GetLastError 16074->16076 16086 19c701 16074->16086 16075->16054 16075->16071 16075->16074 16077 19c920 RaiseException 16075->16077 16076->16086 16078 19c6e2 16077->16078 16078->16074 16079 19c79e CreateFileW 16080 19c7b8 GetLastError 16079->16080 16081 19c7c3 DeviceIoControl 16079->16081 16080->16071 16082 19c7ee 16081->16082 16083 19c7e3 GetLastError 16081->16083 16084 19c7f6 CloseHandle 16082->16084 16083->16084 16084->16071 16085 19c789 16085->16054 16088 19c795 16085->16088 16086->16054 16086->16071 16086->16079 16086->16085 16087 19c920 RaiseException 16086->16087 16087->16085 16088->16079 16090 19b780 39 API calls 16089->16090 16091 19a144 16090->16091 16092 19a14e GetVersion 16091->16092 16093 19a4b7 16091->16093 16228 199ff0 16092->16228 16094 199da0 RaiseException 16093->16094 16095 19a4c1 16094->16095 16096 199da0 RaiseException 16095->16096 16098 19a4cb 16096->16098 16100 199da0 RaiseException 16098->16100 16102 19a4d5 16100->16102 16101 19a19a CreateFileW 16103 19a1b9 GetLastError 16101->16103 16104 19a1c7 16101->16104 16105 19cc40 RaiseException 16102->16105 16110 19a46e 16103->16110 16106 1a5196 
___std_exception_copy 21 API calls 16104->16106 16107 19a4da 16105->16107 16108 19a1d1 ___scrt_fastfail 16106->16108 16109 19a1dd 16108->16109 16113 19a1f6 DeviceIoControl 16108->16113 16111 19a465 CloseHandle 16109->16111 16112 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16110->16112 16111->16110 16115 19a4b3 16112->16115 16114 19a22b GetLastError 16113->16114 16116 19a239 16113->16116 16114->16111 16144 19a4e0 16115->16144 16116->16109 16117 19a41b 16116->16117 16118 19a265 16116->16118 16119 19a438 16117->16119 16120 19a422 16117->16120 16122 19b780 39 API calls 16118->16122 16127 19cb70 27 API calls 16119->16127 16121 19cb70 27 API calls 16120->16121 16123 19a42e 16121->16123 16125 19a26e 16122->16125 16126 19cc50 43 API calls 16123->16126 16125->16095 16130 19a279 16125->16130 16126->16109 16128 19a454 16127->16128 16129 19cc50 43 API calls 16128->16129 16129->16109 16130->16098 16131 19a2bb 16130->16131 16241 19c8c0 16130->16241 16245 19cdd0 16131->16245 16134 19a2cc 16134->16098 16135 19a2fa 16134->16135 16137 19a3d7 16135->16137 16140 19a334 16135->16140 16141 19a35a 16135->16141 16136 19a39e 16136->16141 16297 19cc50 16136->16297 16275 19cb70 16137->16275 16140->16102 16140->16141 16142 19a385 16140->16142 16141->16136 16255 19cfb0 16142->16255 16145 19b780 39 API calls 16144->16145 16146 19a523 16145->16146 16147 199da0 RaiseException 16146->16147 16148 19a8e1 16147->16148 16149 199da0 RaiseException 16148->16149 16150 19a8eb 16149->16150 16151 19cc40 RaiseException 16150->16151 16152 19a8f0 16151->16152 16154 199daf 16153->16154 16155 1a203a __CxxThrowException@8 RaiseException 16154->16155 16156 199dbd 16155->16156 16156->15849 16161 1a0ade 16157->16161 16158 1a0ae3 LeaveCriticalSection 16158->15931 16161->16158 16169 1a0b5e 16161->16169 16172 1a0f1e 16162->16172 16165 1a0a80 EnterCriticalSection LeaveCriticalSection 16166 1a0b1c 16165->16166 16167 1a0b4a SetEvent ResetEvent 16166->16167 16168 1a0b25 16166->16168 
16167->15940 16168->15940 16170 1a0b97 LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 16169->16170 16171 1a0b6b 16169->16171 16170->16171 16171->16161 16173 1a0f3b 16172->16173 16174 1a0f42 16172->16174 16178 1a831c 16173->16178 16181 1a838c 16174->16181 16177 19b802 16177->16165 16179 1a838c __onexit 29 API calls 16178->16179 16180 1a832e 16179->16180 16180->16177 16184 1a8093 16181->16184 16187 1a7fc9 16184->16187 16186 1a80b7 16186->16177 16188 1a7fd5 __FrameHandler3::FrameUnwindToState 16187->16188 16195 1ab0d1 EnterCriticalSection 16188->16195 16190 1a7fe3 16196 1a81db 16190->16196 16192 1a7ff0 16206 1a800e 16192->16206 16194 1a8001 __onexit 16194->16186 16195->16190 16197 1a81f9 16196->16197 16205 1a81f1 __onexit __crt_fast_encode_pointer 16196->16205 16198 1a8252 16197->16198 16199 1a8586 __onexit 29 API calls 16197->16199 16197->16205 16200 1a8586 __onexit 29 API calls 16198->16200 16198->16205 16202 1a8248 16199->16202 16201 1a8268 16200->16201 16203 1a8de9 _free 20 API calls 16201->16203 16204 1a8de9 _free 20 API calls 16202->16204 16203->16205 16204->16198 16205->16192 16207 1ab121 _abort LeaveCriticalSection 16206->16207 16208 1a8018 16207->16208 16208->16194 16210 19c939 16209->16210 16214 19c947 16209->16214 16216 199f40 16210->16216 16211 19c5f4 16211->16061 16214->16211 16220 19c9d0 16214->16220 16217 199f69 16216->16217 16225 19cc40 16217->16225 16222 19c9e3 16220->16222 16221 19cc40 RaiseException 16224 19ca15 16221->16224 16222->16221 16223 19ca06 16222->16223 16223->16211 16224->16211 16226 199da0 RaiseException 16225->16226 16227 19cc4a 16226->16227 16229 19a005 ___scrt_initialize_default_local_stdio_options 16228->16229 16239 19a071 16228->16239 16325 1a706b 16229->16325 16230 199da0 RaiseException 16231 19a097 16230->16231 16233 199da0 RaiseException 16231->16233 16238 19a0a1 16233->16238 16235 19a054 16328 1a708f 16235->16328 16236 19c920 RaiseException 16236->16235 16238->16101 16239->16230 16240 19a07b 16239->16240 
16240->16101 16242 19c8e7 16241->16242 16243 19c913 16242->16243 16607 19c980 16242->16607 16243->16131 16247 19cde8 16245->16247 16248 19ce96 16247->16248 16251 19ce64 16247->16251 16612 1a55d7 16247->16612 16616 1a52a8 16247->16616 16621 1a5279 16247->16621 16250 1a52a8 42 API calls 16248->16250 16254 19cf12 16248->16254 16250->16248 16251->16248 16253 1a5279 42 API calls 16251->16253 16253->16251 16254->16134 16276 19cb81 16275->16276 16281 19cb8e 16275->16281 16696 199dd0 16276->16696 16280 19cbca 16281->16280 16283 19c8c0 RaiseException 16281->16283 16293 19cbe8 BuildCatchObjectHelperInternal 16281->16293 16283->16280 16300 19cc5f 16297->16300 16316 19ccb7 16297->16316 16331 1a5bc9 16325->16331 16553 1a5d4e 16328->16553 16330 1a70ae 16330->16239 16332 1a5c09 16331->16332 16333 1a5bf1 16331->16333 16332->16333 16335 1a5c11 16332->16335 16334 1a517e _free 20 API calls 16333->16334 16336 1a5bf6 16334->16336 16348 1a4dd3 16335->16348 16338 1a4640 __mbsinc 26 API calls 16336->16338 16346 1a5c01 16338->16346 16340 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16342 19a026 16340->16342 16342->16231 16342->16235 16342->16236 16346->16340 16349 1a4df0 16348->16349 16350 1a4de6 16348->16350 16349->16350 16376 1a8aa5 GetLastError 16349->16376 16356 1a6089 16350->16356 16352 1a4e11 16396 1a8d51 16352->16396 16357 1a60a8 16356->16357 16358 1a517e _free 20 API calls 16357->16358 16359 1a5c99 16358->16359 16360 1a63a8 16359->16360 16436 1a4e82 16360->16436 16362 1a63cd 16363 1a517e _free 20 API calls 16362->16363 16364 1a63d2 16363->16364 16366 1a4640 __mbsinc 26 API calls 16364->16366 16365 1a5ca4 16373 1a60be 16365->16373 16366->16365 16367 1a63b8 16367->16362 16367->16365 16443 1a6505 16367->16443 16450 1a6941 16367->16450 16455 1a653f 16367->16455 16460 1a6568 16367->16460 16491 1a66e4 16367->16491 16374 1a8de9 _free 20 API calls 16373->16374 16375 1a60ce 16374->16375 16375->16346 16377 1a8abb 16376->16377 16378 1a8ac1 16376->16378 16379 
1ab2fb _abort 11 API calls 16377->16379 16380 1aa272 _abort 20 API calls 16378->16380 16382 1a8b10 SetLastError 16378->16382 16379->16378 16381 1a8ad3 16380->16381 16383 1a8adb 16381->16383 16384 1ab351 _abort 11 API calls 16381->16384 16382->16352 16386 1a8de9 _free 20 API calls 16383->16386 16385 1a8af0 16384->16385 16385->16383 16388 1a8af7 16385->16388 16387 1a8ae1 16386->16387 16389 1a8b1c SetLastError 16387->16389 16390 1a890c _abort 20 API calls 16388->16390 16404 1a8658 16389->16404 16391 1a8b02 16390->16391 16393 1a8de9 _free 20 API calls 16391->16393 16395 1a8b09 16393->16395 16395->16382 16395->16389 16397 1a4e2a 16396->16397 16398 1a8d64 16396->16398 16400 1a8d7e 16397->16400 16398->16397 16415 1abdf4 16398->16415 16401 1a8da6 16400->16401 16402 1a8d91 16400->16402 16401->16350 16402->16401 16427 1aacee 16402->16427 16405 1ac0a6 _abort EnterCriticalSection LeaveCriticalSection 16404->16405 16406 1a865d 16405->16406 16407 1ac101 _abort 37 API calls 16406->16407 16411 1a8668 16406->16411 16407->16411 16408 1a8672 IsProcessorFeaturePresent 16412 1a867d 16408->16412 16409 1a8690 16410 1a7d76 _abort 28 API calls 16409->16410 16413 1a869a 16410->16413 16411->16408 16411->16409 16414 1a4476 _abort 8 API calls 16412->16414 16414->16409 16416 1abe00 __FrameHandler3::FrameUnwindToState 16415->16416 16417 1a8aa5 _abort 38 API calls 16416->16417 16418 1abe09 16417->16418 16419 1abe57 __onexit 16418->16419 16420 1ab0d1 _abort EnterCriticalSection 16418->16420 16419->16397 16421 1abe27 16420->16421 16422 1abe6b __fassign 20 API calls 16421->16422 16423 1abe3b 16422->16423 16424 1abe5a __fassign LeaveCriticalSection 16423->16424 16425 1abe4e 16424->16425 16425->16419 16428 1aacfa __FrameHandler3::FrameUnwindToState 16427->16428 16429 1a8aa5 _abort 38 API calls 16428->16429 16434 1aad04 16429->16434 16430 1ab0d1 _abort EnterCriticalSection 16430->16434 16431 1aad88 __onexit 16431->16401 16432 1aad7f __fassign LeaveCriticalSection 16432->16434 16433 1a8658 _abort 38 API 
calls 16433->16434 16434->16430 16434->16431 16434->16432 16434->16433 16435 1a8de9 _free 20 API calls 16434->16435 16435->16434 16437 1a4e9a 16436->16437 16438 1a4e87 16436->16438 16437->16367 16439 1a517e _free 20 API calls 16438->16439 16440 1a4e8c 16439->16440 16441 1a4640 __mbsinc 26 API calls 16440->16441 16442 1a4e97 16441->16442 16442->16367 16444 1a650a 16443->16444 16445 1a6521 16444->16445 16446 1a517e _free 20 API calls 16444->16446 16445->16367 16447 1a6513 16446->16447 16448 1a4640 __mbsinc 26 API calls 16447->16448 16449 1a651e 16448->16449 16449->16367 16451 1a6948 16450->16451 16452 1a6952 16450->16452 16515 1a621a 16451->16515 16452->16367 16456 1a6546 16455->16456 16457 1a6550 16455->16457 16458 1a621a 39 API calls 16456->16458 16457->16367 16459 1a654f 16458->16459 16459->16367 16461 1a658b 16460->16461 16462 1a6571 16460->16462 16463 1a65bc 16461->16463 16464 1a517e _free 20 API calls 16461->16464 16462->16463 16465 1a670b 16462->16465 16466 1a6776 16462->16466 16463->16367 16467 1a65a8 16464->16467 16475 1a6717 16465->16475 16478 1a674d 16465->16478 16469 1a67bc 16466->16469 16470 1a677d 16466->16470 16466->16478 16468 1a4640 __mbsinc 26 API calls 16467->16468 16471 1a65b3 16468->16471 16546 1a6e13 16469->16546 16472 1a6782 16470->16472 16482 1a6724 16470->16482 16471->16367 16474 1a6787 16472->16474 16472->16478 16479 1a679a 16474->16479 16480 1a678c 16474->16480 16481 1a675d 16475->16481 16475->16482 16489 1a6732 16475->16489 16478->16489 16490 1a6746 16478->16490 16532 1a6c36 16478->16532 16526 1a6d80 16479->16526 16480->16490 16522 1a6df4 16480->16522 16481->16490 16518 1a6b9e 16481->16518 16482->16489 16482->16490 16538 1a6a2c 16482->16538 16484 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16487 1a693d 16484->16487 16487->16367 16489->16490 16549 1a6f46 16489->16549 16490->16484 16492 1a6776 16491->16492 16495 1a670b 16491->16495 16493 1a67bc 16492->16493 16494 1a677d 16492->16494 16499 1a674d 16492->16499 
16498 1a6e13 26 API calls 16493->16498 16496 1a6782 16494->16496 16497 1a6724 16494->16497 16495->16499 16500 1a6717 16495->16500 16496->16499 16503 1a6787 16496->16503 16502 1a6a2c 48 API calls 16497->16502 16513 1a6732 16497->16513 16514 1a6746 16497->16514 16498->16513 16501 1a6c36 26 API calls 16499->16501 16499->16513 16499->16514 16500->16497 16504 1a675d 16500->16504 16500->16513 16501->16513 16502->16513 16505 1a679a 16503->16505 16506 1a678c 16503->16506 16509 1a6b9e 40 API calls 16504->16509 16504->16514 16507 1a6d80 26 API calls 16505->16507 16510 1a6df4 26 API calls 16506->16510 16506->16514 16507->16513 16508 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16511 1a693d 16508->16511 16509->16513 16510->16513 16511->16367 16512 1a6f46 40 API calls 16512->16514 16513->16512 16513->16514 16514->16508 16516 1a9132 39 API calls 16515->16516 16517 1a6243 16516->16517 16517->16367 16519 1a6bca 16518->16519 16520 1a915e __fassign 40 API calls 16519->16520 16521 1a6bf9 16519->16521 16520->16521 16521->16489 16533 1a6c47 16532->16533 16534 1a517e _free 20 API calls 16533->16534 16537 1a6c71 16533->16537 16535 1a6c66 16534->16535 16537->16489 16539 1a6a48 16538->16539 16540 1a5de0 21 API calls 16539->16540 16547 1a6c36 26 API calls 16546->16547 16548 1a6e2a 16547->16548 16548->16489 16550 1a6f58 16549->16550 16551 1a6fa6 16549->16551 16550->16551 16552 1a915e __fassign 40 API calls 16550->16552 16551->16490 16552->16550 16554 1a5d59 16553->16554 16555 1a5d6e 16553->16555 16556 1a517e _free 20 API calls 16554->16556 16557 1a5db2 16555->16557 16560 1a5d7c 16555->16560 16559 1a5d5e 16556->16559 16558 1a517e _free 20 API calls 16557->16558 16562 1a5daa 16558->16562 16563 1a4640 __mbsinc 26 API calls 16559->16563 16569 1a5a44 16560->16569 16566 1a4640 __mbsinc 26 API calls 16562->16566 16565 1a5d69 16563->16565 16565->16330 16567 1a5dc2 16566->16567 16567->16330 16570 1a5a6c 16569->16570 16571 1a5a84 16569->16571 16572 1a517e _free 20 API 
calls 16570->16572 16571->16570 16573 1a5a8c 16571->16573 16574 1a5a71 16572->16574 16575 1a4dd3 __fassign 38 API calls 16573->16575 16576 1a4640 __mbsinc 26 API calls 16574->16576 16577 1a5a9c 16575->16577 16578 1a5a7c 16576->16578 16580 1a6089 20 API calls 16577->16580 16579 1a0bbe __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16578->16579 16581 1a5ba6 16579->16581 16582 1a5b14 16580->16582 16581->16567 16586 1a6278 16582->16586 16608 19c993 16607->16608 16609 19cc40 RaiseException 16608->16609 16611 19c9b6 16608->16611 16610 19c9c5 16609->16610 16611->16243 16613 1a55ef 16612->16613 16614 1a55e5 16612->16614 16613->16247 16626 1a55a3 16614->16626 16617 1a52b6 16616->16617 16618 1a52c4 16616->16618 16686 1a5214 16617->16686 16618->16247 16622 1a5287 16621->16622 16623 1a5295 16621->16623 16691 1a51d9 16622->16691 16623->16247 16629 1a541f 16626->16629 16630 1a4dd3 __fassign 38 API calls 16629->16630 16631 1a5433 16630->16631 16632 1a5489 16631->16632 16633 1a543e 16631->16633 16634 1a54b0 16632->16634 16687 1a4dd3 __fassign 38 API calls 16686->16687 16688 1a5227 16687->16688 16689 1a4ec7 42 API calls 16688->16689 16690 1a5235 16689->16690 16690->16247 16692 1a4dd3 __fassign 38 API calls 16691->16692 16693 1a51ec 16692->16693 16694 1a4ec7 42 API calls 16693->16694 16695 1a51fd 16694->16695 16695->16247 16901 1a4f56 16900->16901 16902 1a4f65 16901->16902 16903 1a517e _free 20 API calls 16901->16903 16902->15741 16904 1a4f5b 16903->16904 16905 1a4640 __mbsinc 26 API calls 16904->16905 16905->16902 16946 1a7b4d _abort 16945->16946 16947 1a7b65 16946->16947 16967 1a7c9b GetModuleHandleW 16946->16967 16976 1ab0d1 EnterCriticalSection 16947->16976 16951 1a7c0b 16980 1a7c4b 16951->16980 16954 1a7be2 16958 1a7bfa 16954->16958 16962 1a7a8d _abort 5 API calls 16954->16962 16956 1a7c28 16983 1a7c5a 16956->16983 16957 1a7c54 16991 1b1b19 16957->16991 16963 1a7a8d _abort 5 API calls 16958->16963 16962->16958 16963->16951 16964 1a7b6d 16964->16951 
APIs
• InterlockedExchange.KERNEL32(?,00000103), ref: 0019548F
  • Part of subcall function 00197FE0: GetVersionExW.KERNEL32(?), ref: 00198004
• GetCurrentProcess.KERNEL32 ref: 001954D6
  • Part of subcall function 00197E70: OpenProcessToken.ADVAPI32(001954E2,00000008,?,BE732AEF,?,00000000), ref: 00197EAC
  • Part of subcall function 00197E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,001B20C0), ref: 00197ED9
  • Part of subcall function 00197E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00197F15
  • Part of subcall function 00197E70: IsValidSid.ADVAPI32 ref: 00197F22
  • Part of subcall function 00197E70: GetSidSubAuthorityCount.ADVAPI32 ref: 00197F31
  • Part of subcall function 00197E70: GetSidSubAuthority.ADVAPI32(?,?), ref: 00197F3D
  • Part of subcall function 00197E70: CloseHandle.KERNELBASE(00000000), ref: 00197F4F
• InterlockedExchange.KERNEL32(?,0000052F), ref: 001954FC
• InterlockedExchange.KERNEL32(?,00000000), ref: 0019550A
• InterlockedExchange.KERNEL32(?,000000C1), ref: 00195593
• InterlockedExchange.KERNEL32(?,00000000), ref: 001955A2
• CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 001955D9
• GetLastError.KERNEL32 ref: 001955E9
• InterlockedExchange.KERNEL32(?,00000420), ref: 00195602
• CloseHandle.KERNEL32(?), ref: 001975E3
• CloseHandle.KERNEL32(?), ref: 001975F4
• CloseHandle.KERNEL32(?), ref: 00197605
• _wcsrchr.LIBVCRUNTIME ref: 001976A1
• _wcsrchr.LIBVCRUNTIME ref: 001976B3
• CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 001976EF
• CopyFileW.KERNEL32(00000000,?,00000000), ref: 00197707
• ReleaseMutex.KERNEL32(?), ref: 00197718
• CloseHandle.KERNEL32(?), ref: 0019771F
• ___delayLoadHelper2@8.DELAYIMP ref: 00197817
  • Part of subcall function 00193B70: #17.COMCTL32 ref: 00193B84
  • Part of subcall function 00193B70: LoadStringW.USER32(00190000,000003E9,?,00000000), ref: 00193BA1
  • Part of subcall function 00193B70: LoadStringW.USER32(00190000,?,?,00000000), ref: 00193BBA
  • Part of subcall function 00193B70: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00193BCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
• Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
Similarity
• API ID: ExchangeInterlocked$CloseHandle$LoadToken$AuthorityCreateInformationMutexProcessString_wcsrchr$CopyCountCurrentErrorFileHardHelper2@8LastLinkMessageOpenReleaseValidVersion___delay
• String ID: $ /cookie:$ /edat_dir:$ /ga_clientid:$ /sub_edition:$%s\%s$/cookie$/cust_ini$/ppi_icd$/silent$/smbupd$AuthorizationType$Avast One$D$Enabled$Password$Port$Properties$ProxySettings$ProxyType$User$User-Agent: avast! Antivirus (instup)$allow_fallback$avcfg://settings/Common/VersionSwitch$count$enable$http://$https://$installer.exe$mirror$server0$servers$stable$urlpgm${versionSwitch}
• API String ID: 1722064709-657827273
• Opcode ID: 3b0e2bacb51f54af0e5b89843ea54b1b89921d693f16a65ee714ff73f29a12d1
• Instruction ID: 380f49620b029441710a2a38ffc767bc2ef64f1cba82ecfe02c30c7a7a7750cd
• Opcode Fuzzy Hash: 3b0e2bacb51f54af0e5b89843ea54b1b89921d693f16a65ee714ff73f29a12d1
• Instruction Fuzzy Hash: E5237871E012289BEF24DB64CC45BEEB7B8AF55304F1042D9E519A3192EB70ABC5CF61

Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$FileSizewsprintf
                                                                                                                                                                            • String ID: %hs%d-$AMD64$Range: bytes=
                                                                                                                                                                            • API String ID: 297799064-1968478037
                                                                                                                                                                            • Opcode ID: 1474cbf40201d17d2176750fab66d5bdb4bac9a9eef00d9e49be1f2c2a4d6001
                                                                                                                                                                            • Instruction ID: 46330652c090323a7a714d320f305281bcc419dadc246ea2db3c71bff0e8cbf1
                                                                                                                                                                            • Opcode Fuzzy Hash: 1474cbf40201d17d2176750fab66d5bdb4bac9a9eef00d9e49be1f2c2a4d6001
                                                                                                                                                                            • Instruction Fuzzy Hash: 80C14B71A00305FBEF259FA5DC48FAEBBB8AF08740F144519F916EA690DB70D995CB20

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetVersion.KERNEL32(BE732AEF,00000000,00000000), ref: 0019BBCD
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemFirmwareTable), ref: 0019BC00
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0019BC07
                                                                                                                                                                            • GetSystemFirmwareTable.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0019BC26
                                                                                                                                                                            • GetSystemFirmwareTable.KERNELBASE ref: 0019BCB9
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll,NtOpenSection), ref: 0019BD1B
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 0019BD22
                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,00000004,00000000,000F0000,00010000), ref: 0019BD88
                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 0019BE31
                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,00000004,00000000,?,?), ref: 0019BE5A
                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 0019BECA
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0019BF30
                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000), ref: 0019C466
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileView$HandleUnmap$AddressFirmwareModuleProcSystemTable$CloseVersion
                                                                                                                                                                            • String ID: ,$@$GetSystemFirmwareTable$NtOpenSection$W$_DMI$_SM_$kernel32.dll$ntdll.dll
                                                                                                                                                                            • API String ID: 26960555-752303837
                                                                                                                                                                            • Opcode ID: d8189c1d4d9aa7c895878948390985af824d29950f389f1246269f814848218c
                                                                                                                                                                            • Instruction ID: 768701db28639bfe8d1f5b682acd35bc969c2b6b7010b50d42b950d676f0787e
                                                                                                                                                                            • Opcode Fuzzy Hash: d8189c1d4d9aa7c895878948390985af824d29950f389f1246269f814848218c
                                                                                                                                                                            • Instruction Fuzzy Hash: A952BEB1E006589FDF10CFA8CC55AAEBBB9BF59314F184119E995EB381D730A942CB90

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            APIs
                                                                                                                                                                            • FindResourceW.KERNEL32(00000000,?,PNG,?,?,?), ref: 00191956
                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,?,?), ref: 00191964
                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,?), ref: 0019196F
                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,?), ref: 0019197A
                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000002,?,?,?,?), ref: 0019198B
                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00191998
                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 001919B0
                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?), ref: 001919BD
                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 001919CB
                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,?,?), ref: 001919E6
                                                                                                                                                                            • CoCreateInstance.OLE32(001B3EF4,00000000,00000001,001B366C,?,?,?,?), ref: 00191A06
                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00191B3B
                                                                                                                                                                            • CreateDIBSection.GDI32(00000000,00000028,00000000,00000000,00000000,00000000), ref: 00191B52
                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00191B5E
                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00191B98
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Global$Resource$Create$Lock$AllocDeleteFindFreeInitializeInstanceLoadObjectReleaseSectionSizeofStreamUnlock
                                                                                                                                                                            • String ID: ($PNG
                                                                                                                                                                            • API String ID: 3552602207-4064097209
                                                                                                                                                                            • Opcode ID: 6ab4655bb2887c580c03b65792c39cce4eeb0d764dc23f17abd01932b0f7c2d5
                                                                                                                                                                            • Instruction ID: 26cc566039fc641e231f4442ae48a65ea84e41cbf8a489774e82dc55a4ebd900
                                                                                                                                                                            • Opcode Fuzzy Hash: 6ab4655bb2887c580c03b65792c39cce4eeb0d764dc23f17abd01932b0f7c2d5
                                                                                                                                                                            • Instruction Fuzzy Hash: 84918075A01229AFDF00DFA5DC88BAEBBB9FF48700F104159F515A7250DB309E81CBA0

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 001941D4
                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001941ED
                                                                                                                                                                            • GetVersionExA.KERNEL32(0000009C,?,?,00989680,00000000), ref: 00194217
                                                                                                                                                                            • GetNativeSystemInfo.KERNELBASE(?), ref: 0019422E
                                                                                                                                                                            • wsprintfA.USER32 ref: 001942DC
                                                                                                                                                                            • wsprintfA.USER32 ref: 001942FF
                                                                                                                                                                            • lstrcatA.KERNEL32(?,?), ref: 00194316
                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0019436E
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: SystemTimewsprintf$FileInfoNativeUnothrow_t@std@@@Version__ehfuncinfo$??2@lstrcatlstrlen
                                                                                                                                                                            • String ID: status=%08lxstatus_microstub=%08lx%08lx$AMD64$cookie=%lsedition=%ldevent=%smidex=%lsstat_session=%lsstatsSendTime=%I64dos=win,%d,%d,%d,%d,%d,%s%sexe_version=%lsSfxVersion=%ls$microstub$srv
                                                                                                                                                                            • API String ID: 2179732243-3440893326

Control-flow Graph (graph image not reproduced; node legend: Executed / Not Executed)
• First block: 1938c0-1938f1
• API calls in the graph: CreateFileMappingW, MapViewOfFile, FindResourceW, LoadResource, wsprintfW, UnmapViewOfFile, CloseHandle, GetLastError, SetLastError
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateFileMappingW.KERNELBASE(?,00000000,01000002,00000000,00000000,00000000,?), ref: 001938E7
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 001938F3
                                                                                                                                                                            • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?), ref: 0019390A
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00193916
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0019398F
                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 00193997
                                                                                                                                                                            Strings
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$File$CloseCreateHandleMappingView
                                                                                                                                                                            • String ID: %d.%d.%d.%d
                                                                                                                                                                            • API String ID: 1867540158-3491811756

Control-flow Graph (graph image not reproduced; node legend: Executed / Not Executed)
• First block: 19a100-19a148
• API calls in the graph: GetVersion, CreateFileW, DeviceIoControl, CloseHandle, GetLastError
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetVersion.KERNEL32 ref: 0019A180
                                                                                                                                                                            • CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 0019A1A9
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0019A1B9
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0019A468
                                                                                                                                                                            Strings
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseCreateErrorFileHandleLastVersion
                                                                                                                                                                            • String ID: SCSIDISK$\\.\PhysicalDrive%u$\\.\Scsi%u:
                                                                                                                                                                            • API String ID: 1515857667-131545429

Control-flow Graph (graph image not reproduced; node legend: Executed / Not Executed)
• First block: 198dc0-198e4b
• API calls in the graph: lstrcatA, CryptAcquireContextA, CryptReleaseContext, GetLastError
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00197FE0: GetVersionExW.KERNEL32(?), ref: 00198004
                                                                                                                                                                            • lstrcatA.KERNEL32(?, (Prototype),?,BE732AEF,?), ref: 00198E56
                                                                                                                                                                            • CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,BE732AEF,?), ref: 00198E6D
                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000,?,BE732AEF,?), ref: 00198E85
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,BE732AEF,?), ref: 00198EAC
                                                                                                                                                                              • Part of subcall function 00197DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00197DD8
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00198ECA
                                                                                                                                                                              • Part of subcall function 001A203A: RaiseException.KERNEL32(?,?,00198071,?,?,?,?,?,?,?,?,00198071,?,001BB144,00000000), ref: 001A209A
                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000,?,001BB144,00000000,?,BE732AEF,?), ref: 00198ED9
                                                                                                                                                                            Strings
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ContextCrypt$Release$AcquireErrorExceptionException@8LastRaiseThrowVersion___std_exception_copylstrcat
                                                                                                                                                                            • String ID: (Prototype)$Unable to acquire cryptographic provider!$vider
                                                                                                                                                                            • API String ID: 2041426586-155044149
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00198378,0000800C,BE732AEF,?), ref: 00199470
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(?,00000000), ref: 00199489
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to create hash context!), ref: 001994A4
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 001994BC
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to create hash context!, xrefs: 0019949F
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CryptHash$CreateDestroyErrorException@8LastThrow
                                                                                                                                                                            • String ID: Unable to create hash context!
                                                                                                                                                                            • API String ID: 1323042765-1944974401
                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryA.KERNELBASE(wintrust.dll,?,?,001BB144,00000000), ref: 00198136
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 00198149
                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,001BB144,00000000), ref: 00198152
                                                                                                                                                                            Strings
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                            • String ID: CryptCATAdminAcquireContext2$wintrust.dll
                                                                                                                                                                            • API String ID: 145871493-3385133079
                                                                                                                                                                            • Opcode ID: b20b8ad77c95c7ed93a5111242de82772928cc2dd6a2ca038f617045395c2042
                                                                                                                                                                            • Instruction ID: 891a07102fe229783724d8b92a947d6976965a1eaaf79354b49a276ca4554ffd
                                                                                                                                                                            • Opcode Fuzzy Hash: b20b8ad77c95c7ed93a5111242de82772928cc2dd6a2ca038f617045395c2042
                                                                                                                                                                            • Instruction Fuzzy Hash: 6CD05E326006317B8A1017AC7C0D9CB6BB8AEC2E6130E4369F421921298B3488D2A290
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptGenRandom.ADVAPI32(00000008,00199209,BE732AEF,?,00199209,0000800C,?,?,001BB144,00000000,?,?,?,?,001B2269,000000FF), ref: 001992A8
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to generate random number!,?,00199209,0000800C,?,?,001BB144,00000000,?,?,?,?,001B2269,000000FF), ref: 00199320
                                                                                                                                                                              • Part of subcall function 00197DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00197DD8
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00199338
                                                                                                                                                                              • Part of subcall function 001A203A: RaiseException.KERNEL32(?,?,00198071,?,?,?,?,?,?,?,?,00198071,?,001BB144,00000000), ref: 001A209A
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to generate random number!, xrefs: 0019931B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CryptErrorExceptionException@8LastRaiseRandomThrow___std_exception_copy
                                                                                                                                                                            • String ID: Unable to generate random number!
                                                                                                                                                                            • API String ID: 4207938790-1854326980
                                                                                                                                                                            • Opcode ID: 73cfdb0ca81ae5d862a2bba32cd393d0ea31725716f5860497b2e0f69abcc5d1
                                                                                                                                                                            • Instruction ID: 39ea6beabb305592f620c09ada781b34c7d9360c87fe30c5a53eb4a28cacc766
                                                                                                                                                                            • Opcode Fuzzy Hash: 73cfdb0ca81ae5d862a2bba32cd393d0ea31725716f5860497b2e0f69abcc5d1
                                                                                                                                                                            • Instruction Fuzzy Hash: EB219575A006489FDB14EFA4D842FEDB7B8FB19714F100729F522A76C1DB306984CA91
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0019B780: GetProcessHeap.KERNEL32(00195644), ref: 0019B7DC
                                                                                                                                                                              • Part of subcall function 00198DC0: lstrcatA.KERNEL32(?, (Prototype),?,BE732AEF,?), ref: 00198E56
                                                                                                                                                                              • Part of subcall function 00198DC0: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,BE732AEF,?), ref: 00198E6D
                                                                                                                                                                              • Part of subcall function 00198DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,BE732AEF,?), ref: 00198E85
                                                                                                                                                                              • Part of subcall function 00199450: CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00198378,0000800C,BE732AEF,?), ref: 00199470
                                                                                                                                                                              • Part of subcall function 00199450: CryptDestroyHash.ADVAPI32(?,00000000), ref: 00199489
                                                                                                                                                                              • Part of subcall function 00198DC0: GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,BE732AEF,?), ref: 00198EAC
                                                                                                                                                                              • Part of subcall function 00198DC0: __CxxThrowException@8.LIBVCRUNTIME ref: 00198ECA
                                                                                                                                                                              • Part of subcall function 00198DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,001BB144,00000000,?,BE732AEF,?), ref: 00198ED9
                                                                                                                                                                              • Part of subcall function 00199450: GetLastError.KERNEL32(Unable to create hash context!), ref: 001994A4
                                                                                                                                                                              • Part of subcall function 00199450: __CxxThrowException@8.LIBVCRUNTIME ref: 001994BC
                                                                                                                                                                              • Part of subcall function 0019C500: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0019C5FD
                                                                                                                                                                              • Part of subcall function 0019C500: GetLastError.KERNEL32(?,?,?,?,001B2548), ref: 0019C607
                                                                                                                                                                              • Part of subcall function 00199340: CryptGetHashParam.ADVAPI32(?,00000004,0000800C,00198744,00000000,BE732AEF,?,?,?,00000000), ref: 00199395
                                                                                                                                                                              • Part of subcall function 00199340: CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 001993DC
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 0019B5EF
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 0019B623
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Crypt$Hash$ContextDestroyErrorLast$Exception@8ParamReleaseThrow$AcquireCreateDirectoryHeapProcessSystemlstrcat
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2781682779-0
                                                                                                                                                                            • Opcode ID: e85e8ff8999d135f12bf972fa3d1264876af830e435eb3556c242895dc486698
                                                                                                                                                                            • Instruction ID: 94bc540fc032c696becb7011c5b669b052459fc5c41552d0e6ba9f444e6f3c87
                                                                                                                                                                            • Opcode Fuzzy Hash: e85e8ff8999d135f12bf972fa3d1264876af830e435eb3556c242895dc486698
                                                                                                                                                                            • Instruction Fuzzy Hash: 5A12BF35D052688BDF21CB68CD84BEDBBB5AF55314F1442DAD809A7382DB34AE84CF91
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,00000000,00000004,?,00198744,0000800C,BE732AEF,?), ref: 001983CB
                                                                                                                                                                              • Part of subcall function 00199020: CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,BE732AEF,?,?,00198744,?,?,?,?,001B2269,000000FF), ref: 00199088
                                                                                                                                                                              • Part of subcall function 00199020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,001B2269,000000FF), ref: 001990A4
                                                                                                                                                                              • Part of subcall function 00199020: CryptHashData.ADVAPI32(?,?,BE732AEF,00000000,?,?,?,?,001B2269,000000FF), ref: 001990BB
                                                                                                                                                                              • Part of subcall function 00199020: CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,001B2269,000000FF), ref: 001990E4
                                                                                                                                                                              • Part of subcall function 00199020: CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,001B2269,000000FF), ref: 00199128
                                                                                                                                                                              • Part of subcall function 00199020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,001B2269,000000FF), ref: 0019913E
                                                                                                                                                                              • Part of subcall function 00199020: CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,001B2269,000000FF), ref: 0019914E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Crypt$Hash$Destroy$Param$ContextCreateDataRelease
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2857581251-0
                                                                                                                                                                            • Opcode ID: a9bf28c34281f1531ddf6a6ebea0aaba5dcfb59a55cfcf467516efabf9054b81
                                                                                                                                                                            • Instruction ID: aa629b65bdfd7fda323b12ce7efac55cd968d14d43a29f2c6b8f0ee6b2c7a9a0
                                                                                                                                                                            • Opcode Fuzzy Hash: a9bf28c34281f1531ddf6a6ebea0aaba5dcfb59a55cfcf467516efabf9054b81
                                                                                                                                                                            • Instruction Fuzzy Hash: 9E312CB5D00209ABDF11DF98C996BEFBBB8FB55714F004119E911B3281DB74AA44CBA0

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • KillTimer.USER32(?,00000001), ref: 00192233
                                                                                                                                                                            • InterlockedExchange.KERNEL32(04F6F2C4,00000000), ref: 00192244
                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00192250
                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 0019226E
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 001922B5
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 001922BC
                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 001922D8
                                                                                                                                                                            • SetTimer.USER32(?,00000001,00000019,?), ref: 0019230B
                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00192317
                                                                                                                                                                            • DefWindowProcW.USER32(?,00000010,?,?), ref: 00192401
                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 0019242E
                                                                                                                                                                              • Part of subcall function 00191FC0: CreateSolidBrush.GDI32(00824049), ref: 00192021
                                                                                                                                                                              • Part of subcall function 00191FC0: CreateSolidBrush.GDI32(00F67000), ref: 00192064
                                                                                                                                                                              • Part of subcall function 00191FC0: BeginPaint.USER32(?,?), ref: 00192074
                                                                                                                                                                              • Part of subcall function 00191FC0: FillRect.USER32(?,?), ref: 001920E3
                                                                                                                                                                              • Part of subcall function 00191FC0: FillRect.USER32(?,?), ref: 0019210D
                                                                                                                                                                              • Part of subcall function 00191FC0: EndPaint.USER32(?,?), ref: 00192118
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ProcWindow$Rect$BrushCreateFillPaintSolidTimer$AddressBeginExchangeHandleInterlockedKillModuleVersion
                                                                                                                                                                            • String ID: DwmSetWindowAttribute$ShutdownBlockReasonCreate$dwmapi.dll$user32.dll
                                                                                                                                                                            • API String ID: 190927372-2496381605

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • OpenProcessToken.ADVAPI32(001954E2,00000008,?,BE732AEF,?,00000000), ref: 00197EAC
                                                                                                                                                                            • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,001B20C0), ref: 00197ED9
                                                                                                                                                                            • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00197F15
                                                                                                                                                                            • IsValidSid.ADVAPI32 ref: 00197F22
                                                                                                                                                                            • GetSidSubAuthorityCount.ADVAPI32 ref: 00197F31
                                                                                                                                                                            • GetSidSubAuthority.ADVAPI32(?,?), ref: 00197F3D
                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 00197F4F
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to open process token!), ref: 00197F78
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00197F90
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to retrieve process mandatory label!,?,001BB144,00000000), ref: 00197F9A
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00197FB2
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to verify mandatory label!,?,001BB144,00000000), ref: 00197FBC
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00197FD4
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to retrieve process mandatory label!, xrefs: 00197F95
                                                                                                                                                                            • Unable to verify mandatory label!, xrefs: 00197FB7
                                                                                                                                                                            • Unable to open process token!, xrefs: 00197F73
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorException@8LastThrowToken$AuthorityInformation$CloseCountHandleOpenProcessValid
                                                                                                                                                                            • String ID: Unable to open process token!$Unable to retrieve process mandatory label!$Unable to verify mandatory label!
                                                                                                                                                                            • API String ID: 492105640-3458634299

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 1069 191d90-191dde 1070 191de0-191de3 1069->1070 1071 191de5 1069->1071 1070->1071 1072 191dea-191df7 call 191930 1070->1072 1071->1072 1075 191f8a-191f91 1072->1075 1076 191dfd-191e0c GetObjectW 1072->1076 1077 191f96-191fb1 call 1a0bbe 1075->1077 1076->1075 1078 191e12-191ecd LoadImageW * 2 CreatePatternBrush call 193b30 KiUserCallbackDispatcher GetSystemMetrics LoadImageW SystemParametersInfoW 1076->1078 1078->1075 1083 191ed3-191f49 call 193b30 RegisterClassExW CreateWindowExW InterlockedExchange 1078->1083 1083->1075 1086 191f4b 1083->1086 1087 191f50-191f62 KiUserCallbackDispatcher 1086->1087 1088 191f75-191f7f 1087->1088 1089 191f64-191f67 1087->1089 1088->1077 1089->1087 1090 191f69-191f73 DispatchMessageW 1089->1090 1090->1087
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00191E04
                                                                                                                                                                            • LoadImageW.USER32(00000000,00000064,00000001,00000000,00000000,00000040), ref: 00191E51
                                                                                                                                                                            • LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00191E6C
                                                                                                                                                                            • CreatePatternBrush.GDI32(00000000), ref: 00191E76
                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(00000032), ref: 00191E98
                                                                                                                                                                            • GetSystemMetrics.USER32(00000031), ref: 00191EA2
                                                                                                                                                                            • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00191EB2
                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00191EC5
                                                                                                                                                                            • RegisterClassExW.USER32(?), ref: 00191F0F
                                                                                                                                                                            • CreateWindowExW.USER32(00000000,?,00000000,90080000,?,?,?,?,00000000,00000000,?,?), ref: 00191F38
                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,00000000), ref: 00191F40
                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00191F5A
                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00191F6D
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ImageLoad$CallbackCreateDispatcherSystemUser$BrushClassDispatchExchangeInfoInterlockedMessageMetricsObjectParametersPatternRegisterWindow
                                                                                                                                                                            • String ID: 0
                                                                                                                                                                            • API String ID: 2747924374-4108050209

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 1091 191020-19103c HeapSetInformation GetModuleHandleW 1092 19103e-19104e GetProcAddress 1091->1092 1093 191063-19107b SetDllDirectoryW GetModuleHandleW 1091->1093 1092->1093 1096 191050-191061 1092->1096 1094 19107d-19108d GetProcAddress 1093->1094 1095 1910a2-1910ac IsProcessorFeaturePresent 1093->1095 1094->1095 1097 19108f-1910a0 1094->1097 1098 1910ae-1910c0 call 193b70 ExitProcess 1095->1098 1099 1910c6-1910d0 call 197fe0 1095->1099 1096->1093 1096->1095 1097->1095 1107 1910ea call 1a08de 1099->1107 1108 1910d2-1910e4 call 193b70 ExitProcess 1099->1108 1112 1910ef-1910f0 ExitProcess 1107->1112
                                                                                                                                                                            APIs
                                                                                                                                                                            • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 00191029
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00191034
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00191044
                                                                                                                                                                            • SetDllDirectoryW.KERNEL32(001B35D4), ref: 00191068
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00191073
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,LdrEnumerateLoadedModules), ref: 00191083
                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 001910A4
                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 001910C0
                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 001910E4
                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 001910F0
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExitProcess$AddressHandleModuleProc$DirectoryFeatureHeapInformationPresentProcessor
                                                                                                                                                                            • String ID: LdrEnumerateLoadedModules$SetDefaultDllDirectories$kernel32.dll$ntdll.dll
                                                                                                                                                                            • API String ID: 1484830609-1451921263

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            • Executed
                                                                                                                                                                            • Not Executed
                                                                                                                                                                            control_flow_graph 1142 193190-1931b9 GetWindowsDirectoryW 1143 1931bf-1931c2 1142->1143 1144 193240-193246 GetLastError 1142->1144 1143->1144 1146 1931c4-1931e1 call 199250 ConvertStringSecurityDescriptorToSecurityDescriptorA 1143->1146 1145 193248-19324d 1144->1145 1148 19324f-193250 LocalFree 1145->1148 1149 193256-193272 SetLastError call 1a0bbe 1145->1149 1146->1144 1152 1931e3-193217 wsprintfW CreateDirectoryW 1146->1152 1148->1149 1152->1145 1154 193219-19323e wsprintfW CreateDirectoryW 1152->1154 1154->1144 1154->1145
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(?,00000020,?,?,?), ref: 001931B1
                                                                                                                                                                            • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU),00000001,?,00000000), ref: 001931DA
                                                                                                                                                                            • wsprintfW.USER32 ref: 00193201
                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,?), ref: 0019320F
                                                                                                                                                                            • wsprintfW.USER32 ref: 00193228
                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,?), ref: 00193236
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?), ref: 00193240
                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?), ref: 00193250
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?), ref: 00193257
                                                                                                                                                                              • Part of subcall function 00199250: CryptGenRandom.ADVAPI32(00000008,00199209,BE732AEF,?,00199209,0000800C,?,?,001BB144,00000000,?,?,?,?,001B2269,000000FF), ref: 001992A8
                                                                                                                                                                            Strings
                                                                                                                                                                            • %s\Temp\asw.%08x%08x, xrefs: 001931F1
                                                                                                                                                                            • %c:\asw.%08x%08x, xrefs: 00193222
                                                                                                                                                                            • D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU), xrefs: 001931D5
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Directory$CreateDescriptorErrorLastSecuritywsprintf$ConvertCryptFreeLocalRandomStringWindows
                                                                                                                                                                            • String ID: %c:\asw.%08x%08x$%s\Temp\asw.%08x%08x$D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU)
                                                                                                                                                                            • API String ID: 1345463893-1526440225
                                                                                                                                                                            • Opcode ID: cf20885cec5195de76c3b61cc0bc7a50bcc61b092834e63cb29f213689f1f3b8
                                                                                                                                                                            • Instruction ID: 6ca3e77b2dfb38be28b79302693ee4ea3d59eff2522ce87d0509328828512be6
                                                                                                                                                                            • Opcode Fuzzy Hash: cf20885cec5195de76c3b61cc0bc7a50bcc61b092834e63cb29f213689f1f3b8
                                                                                                                                                                            • Instruction Fuzzy Hash: FB213EB1A00208ABDF11EFE8DD89DAEBBBCEF45B41F040215F915E6150DB309E958BA1

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: ASWS$ASWS$ASWS$Unable to read signature!$ig2A$ig2A
                                                                                                                                                                            • API String ID: 0-1997839495
                                                                                                                                                                            • Opcode ID: 0bc95f4ea387be0c18e76d83f01180d2a63a55a02f3f7026bcd757c0fb247105
                                                                                                                                                                            • Instruction ID: 5acb7fcb82580183067240459163fc13a9dbad082ae6e84c8ecb2fffd568be12
                                                                                                                                                                            • Opcode Fuzzy Hash: 0bc95f4ea387be0c18e76d83f01180d2a63a55a02f3f7026bcd757c0fb247105
                                                                                                                                                                            • Instruction Fuzzy Hash: 4691F271E002089FDF18DFA8C985BEDB7B4FF16704F60812AE404BB181DB75A944CBA5

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            • GetFileSizeEx.KERNEL32(?,001B2160,BE732AEF,?,?,?,?,?,00000000,001B2160,000000FF,?,001926F7,?,00000000), ref: 00198443
                                                                                                                                                                            • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000,?,?,00000000,001B2160), ref: 0019847C
                                                                                                                                                                            • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,?,00000000,001B2160), ref: 001984A2
                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,?,00000000,001B2160), ref: 001984CE
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,001B2160), ref: 001984D5
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to determine file size!,?,?,00000000,001B2160,000000FF,?,001926F7,?,00000000), ref: 001984FE
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00198516
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: File$View$CloseCreateErrorException@8HandleLastMappingSizeThrowUnmap
                                                                                                                                                                            • String ID: Unable to determine file size!$Unable to open file mapping!$Unable to process files over 1GB!
                                                                                                                                                                            • API String ID: 3729524651-729644499
                                                                                                                                                                            • Opcode ID: 5ce1021f08fb4476aa4b3dfe49584e5f8cee0cb0d408f8831ce036f91287d3d3
                                                                                                                                                                            • Instruction ID: ec8cfe09ca31c84ac772ccaa8322d41ccdafdccc29c30aa795bc23c499338bad
                                                                                                                                                                            • Opcode Fuzzy Hash: 5ce1021f08fb4476aa4b3dfe49584e5f8cee0cb0d408f8831ce036f91287d3d3
                                                                                                                                                                            • Instruction Fuzzy Hash: 0031D531A40209BBDF219F94DC0AFEF7B78EF0AB14F104119F911A72C0DB7056448BA4

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 0019B780: GetProcessHeap.KERNEL32(00195644), ref: 0019B7DC
                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0019C5FD
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,001B2548), ref: 0019C607
                                                                                                                                                                            • GetVolumePathNameW.KERNELBASE(?,00000010,00000104,?,?,?,?,?,001B2548), ref: 0019C67E
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,001B2548), ref: 0019C688
                                                                                                                                                                            • GetVolumeNameForVolumeMountPointW.KERNELBASE(00000010,00000010,00000104,?,?,?,?,?,?,?,001B2548), ref: 0019C6EC
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,001B2548), ref: 0019C6F6
                                                                                                                                                                            • CreateFileW.KERNELBASE(00000010,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0019C7AB
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,001B2548), ref: 0019C7B8
                                                                                                                                                                            • DeviceIoControl.KERNELBASE(00000000,002D1080,00000000,00000000,?,0000000C,00000000,00000000), ref: 0019C7D9
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,001B2548), ref: 0019C7E3
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,001B2548), ref: 0019C7F7
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$Volume$Name$CloseControlCreateDeviceDirectoryFileHandleHeapMountPathPointProcessSystem
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 204137380-0
                                                                                                                                                                            • Opcode ID: 1ab08c0b6c8a190d0d6bb7207c7e53750152226a036e5d31dd6f2ac30d41d8b8
                                                                                                                                                                            • Instruction ID: 8d84e5501a5f121680b76ae84680f715ac40a166d4ce640845d77b9040edf1e5
                                                                                                                                                                            • Opcode Fuzzy Hash: 1ab08c0b6c8a190d0d6bb7207c7e53750152226a036e5d31dd6f2ac30d41d8b8
                                                                                                                                                                            • Instruction Fuzzy Hash: 7FB1BE75A006159FDB14DFA8C888BAEB7F5EF58310F10412DE992E7390DB70AE408FA0
                                                                                                                                                                            APIs
                                                                                                                                                                            • FindResourceW.KERNEL32(00190000,?,0000000A,.edat,00000005,?,?,?,?,00000000,?,?,00000000), ref: 001930A3
                                                                                                                                                                            • LoadResource.KERNEL32(00190000,00000000,?,?,00000000,?,?,00000000), ref: 001930B5
                                                                                                                                                                            • SizeofResource.KERNEL32(00190000,00000000,?,?,00000000,?,?,00000000), ref: 001930C3
                                                                                                                                                                            • CreateFileW.KERNELBASE(?,00000004,00000001,00000000,00000002,00000080,00000000,?,?,00000000,?,?,00000000), ref: 001930EE
                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,00000000), ref: 0019310B
                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,00000000), ref: 00193112
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$File$CloseCreateFindHandleLoadSizeofWrite
                                                                                                                                                                            • String ID: .edat$EDAT_
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • &t=screenview&cd=%s, xrefs: 00194046
                                                                                                                                                                            • &t=event&ec=microstub&ea=ok&el=%08lx, xrefs: 00194066
                                                                                                                                                                            • &t=event&ec=microstub&ea=error&el=%08lx%08lx, xrefs: 00194081
                                                                                                                                                                            • v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s, xrefs: 001940B0
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: wsprintf$lstrlen
                                                                                                                                                                            • String ID: &t=event&ec=microstub&ea=error&el=%08lx%08lx$&t=event&ec=microstub&ea=ok&el=%08lx$&t=screenview&cd=%s$v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s
                                                                                                                                                                            APIs
                                                                                                                                                                            • FindResourceW.KERNEL32(00190000,00000001,00000010), ref: 001939F1
                                                                                                                                                                            • LoadResource.KERNEL32(00190000,00000000), ref: 00193A01
                                                                                                                                                                            • wsprintfW.USER32 ref: 00193A52
                                                                                                                                                                            Strings
                                                                                                                                                                            • %d.%d.%d.%d, xrefs: 00193A4A
                                                                                                                                                                            • \StringFileInfo\040904b0\Edition, xrefs: 00193A67
                                                                                                                                                                            • \StringFileInfo\040904b0\SubEdition, xrefs: 00193A8F
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$FindLoadwsprintf
                                                                                                                                                                            • String ID: %d.%d.%d.%d$\StringFileInfo\040904b0\Edition$\StringFileInfo\040904b0\SubEdition
                                                                                                                                                                            APIs
                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000), ref: 00192506
                                                                                                                                                                            • SetEndOfFile.KERNELBASE(?), ref: 00192511
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0019251B
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00192550
                                                                                                                                                                            • Sleep.KERNEL32(000003E8,00000000), ref: 00192574
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,00000000), ref: 00192585
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$File$PointerSleep
                                                                                                                                                                            • String ID:
                                                                                                                                                                            APIs
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,?,0019B45F), ref: 0019B99D
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000010,00000000,?,0019B45F), ref: 0019B9D6
                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,00000000,00000000,?,0019B45F), ref: 0019BA89
                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,0019B45F,00000000,00000000,00000000,?,0019B45F), ref: 0019BAC7
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                            • String ID:
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_00004020,?,00000000,?), ref: 0019440A
                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 00194415
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseCreateHandleThread
                                                                                                                                                                            • String ID:
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_000041B0,?,00000000,?), ref: 0019446A
                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 00194475
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseCreateHandleThread
                                                                                                                                                                            • String ID:
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 001AA272: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,001A8B5A,00000001,00000364,?,001A2AA0,?,?,?,?,?,00197DDD,?), ref: 001AA2B3
                                                                                                                                                                            • _free.LIBCMT ref: 001AB642
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap_free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 614378929-0
                                                                                                                                                                            • Opcode ID: 2264b8dc440bd836ca5efdcdcc207cde03cd0b5dfc6e4b607fc2e260d0dd6cb0
                                                                                                                                                                            • Instruction ID: 92cf377f48827349d793f45516f6c14a453c24667e6532626df76db82da170e4
                                                                                                                                                                            • Opcode Fuzzy Hash: 2264b8dc440bd836ca5efdcdcc207cde03cd0b5dfc6e4b607fc2e260d0dd6cb0
                                                                                                                                                                            • Instruction Fuzzy Hash: 7401497B204385AFE7218F6AD88195AFBE9FB86370F25051DE585832C1EB30AD05C734
                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,001A8B5A,00000001,00000364,?,001A2AA0,?,?,?,?,?,00197DDD,?), ref: 001AA2B3
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            • Opcode ID: 1f80ba5729bc7696f7f37f9fb135ecd4d4d7ce60725d47bf0e3ae85cb7279d08
                                                                                                                                                                            • Instruction ID: 00f1a3562e6483d719bef3214a77d1454caca5eed10581d7d1b236ab10aaa5e0
                                                                                                                                                                            • Opcode Fuzzy Hash: 1f80ba5729bc7696f7f37f9fb135ecd4d4d7ce60725d47bf0e3ae85cb7279d08
                                                                                                                                                                            • Instruction Fuzzy Hash: 27F02E3960462067DB216F768C01B6B3789AF53B70F558123FC14D6194DB32DD20C6F2
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 001A0610
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00197AF1
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00197B59
                                                                                                                                                                              • Part of subcall function 00197AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00197B6A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 697777088-0
                                                                                                                                                                            • Opcode ID: fed9b868df9d084826f25854b351ce0696b29f62fa234ad47715634a884e5ad6
                                                                                                                                                                            • Instruction ID: 067c25b868ef689bdd90c1fda7c52beca10ebd1deef0c5da01478577f32a8e21
                                                                                                                                                                            • Opcode Fuzzy Hash: fed9b868df9d084826f25854b351ce0696b29f62fa234ad47715634a884e5ad6
                                                                                                                                                                            • Instruction Fuzzy Hash: 1FB012852ED001FD7129D1805D02F7B011CC8E4B253358C1EF080D04C0D7C06C102031
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 001A062B
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00197AF1
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00197B59
                                                                                                                                                                              • Part of subcall function 00197AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00197B6A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 697777088-0
                                                                                                                                                                            • Opcode ID: 4608f8ab804dc8071caa5268998eb4e3b510f615670cd88ad44ad95014d84732
                                                                                                                                                                            • Instruction ID: f930438f12ff94e8059baea41730a9001560c752eb58333dcd8fb29be8562fd5
                                                                                                                                                                            • Opcode Fuzzy Hash: 4608f8ab804dc8071caa5268998eb4e3b510f615670cd88ad44ad95014d84732
                                                                                                                                                                            • Instruction Fuzzy Hash: 4CB0128726C101FD75095140AD02E3B010CC8DCB14731481EF000E0081D7905D100031
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 001A062B
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00197AF1
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00197B59
                                                                                                                                                                              • Part of subcall function 00197AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00197B6A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 697777088-0
                                                                                                                                                                            • Opcode ID: 2501f3e784c7f937a8bf95f4656d097384cee53880c82b6d8c3228ced91bb21e
                                                                                                                                                                            • Instruction ID: 28ddc6277c11ca7672b57282fd2135ecd82229a33dc53d68fb9616b48623e1d5
                                                                                                                                                                            • Opcode Fuzzy Hash: 2501f3e784c7f937a8bf95f4656d097384cee53880c82b6d8c3228ced91bb21e
                                                                                                                                                                            • Instruction Fuzzy Hash: 39B0128526C001FD350991545D02E3B014CC8DCB14731881EF404D1180D7905C100131
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 001A062B
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00197AF1
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00197B59
                                                                                                                                                                              • Part of subcall function 00197AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00197B6A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 697777088-0
                                                                                                                                                                            • Opcode ID: ed28ade4f59704752d11eb10c6a29c8213a480a25a8b46c2c6ffb3e81299a86f
                                                                                                                                                                            • Instruction ID: 6d8f247ad9f2c6518bfaf20b755469abb5b396e9358b96a3101b127c4a321929
                                                                                                                                                                            • Opcode Fuzzy Hash: ed28ade4f59704752d11eb10c6a29c8213a480a25a8b46c2c6ffb3e81299a86f
                                                                                                                                                                            • Instruction Fuzzy Hash: D6B0128926D101FD364991445D02E3B014CC8DCB14331491EF004D1180D7905C540231
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___delayLoadHelper2@8.DELAYIMP ref: 001A062B
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00197AF1
                                                                                                                                                                              • Part of subcall function 00197AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00197B59
                                                                                                                                                                              • Part of subcall function 00197AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00197B6A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 697777088-0
                                                                                                                                                                            • Opcode ID: 0b4ce4c2637f807c26036422a94fc269bc36aa0aa2ce0c5e9fe0c42e59066a01
                                                                                                                                                                            • Instruction ID: 98582f6d29e29b98bfb66f78baf7206d172be5461c139896d5f66a38232789a2
                                                                                                                                                                            • Opcode Fuzzy Hash: 0b4ce4c2637f807c26036422a94fc269bc36aa0aa2ce0c5e9fe0c42e59066a01
                                                                                                                                                                            • Instruction Fuzzy Hash: EEB0129526D201FD364A91445D02E3B020CC8DCF54331491EF004D1180D7909C540231
                                                                                                                                                                            APIs
                                                                                                                                                                            • EnumResourceNamesW.KERNELBASE(00190000,0000000A,00192BA0,?,?,?,?,?), ref: 00193FF2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EnumNamesResource
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3334572018-0
                                                                                                                                                                            • Opcode ID: 787e0c49659b61f463a514825054b5a4b4fbd05d4427cebfaea0a3ba573655be
                                                                                                                                                                            • Instruction ID: e2b1b2ffdf7b093a8a1829a10c629c59d0d48c49e7bce3a55d92f704a8563579
                                                                                                                                                                            • Opcode Fuzzy Hash: 787e0c49659b61f463a514825054b5a4b4fbd05d4427cebfaea0a3ba573655be
                                                                                                                                                                            • Instruction Fuzzy Hash: 06B09231284308BBCE012A95EC0AF843BA8AB09B92F440100F60E6449087B2A1708696
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00198DC0: lstrcatA.KERNEL32(?, (Prototype),?,BE732AEF,?), ref: 00198E56
                                                                                                                                                                              • Part of subcall function 00198DC0: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,BE732AEF,?), ref: 00198E6D
                                                                                                                                                                              • Part of subcall function 00198DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,BE732AEF,?), ref: 00198E85
                                                                                                                                                                            • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,BE732AEF,?,?,00198744,?,?,?,?,001B2269,000000FF), ref: 00199088
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,001B2269,000000FF), ref: 001990A4
                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,BE732AEF,00000000,?,?,?,?,001B2269,000000FF), ref: 001990BB
                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,001B2269,000000FF), ref: 001990E4
                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,001B2269,000000FF), ref: 00199128
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,001B2269,000000FF), ref: 0019913E
                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,001B2269,000000FF), ref: 0019914E
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to create hash context!,?,?,?,?,001B2269,000000FF), ref: 00199177
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0019918F
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to update hash context!,?,001BB144,00000000,?,?,?,?,001B2269,000000FF), ref: 00199199
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 001991B1
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to determine digest size!,?,001BB144,00000000,?,?,?,?,001B2269,000000FF), ref: 001991BB
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 001991D3
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to retrieve digest!,?,001BB144,00000000,?,?,?,?,001B2269,000000FF), ref: 001991DD
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 001991F5
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to update hash context!, xrefs: 00199194
                                                                                                                                                                            • Unable to create hash context!, xrefs: 00199172
                                                                                                                                                                            • Unable to retrieve digest!, xrefs: 001991D8
                                                                                                                                                                            • Unable to determine digest size!, xrefs: 001991B6
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Crypt$Hash$ErrorException@8LastThrow$Context$DestroyParamRelease$AcquireCreateDatalstrcat
                                                                                                                                                                            • String ID: Unable to create hash context!$Unable to determine digest size!$Unable to retrieve digest!$Unable to update hash context!
                                                                                                                                                                            • API String ID: 827938544-872507617
                                                                                                                                                                            • Opcode ID: d1d4900c2f60f0ce8a1f4dc3aab40f9eab67a12b85810a89f13166b8af5d6efe
                                                                                                                                                                            • Instruction ID: 0ea4cc2ba3f35216bd37bc6b4d88ee1665f57f7d6c1dbc56d2a53ebe165adb2e
                                                                                                                                                                            • Opcode Fuzzy Hash: d1d4900c2f60f0ce8a1f4dc3aab40f9eab67a12b85810a89f13166b8af5d6efe
                                                                                                                                                                            • Instruction Fuzzy Hash: 0351F771A4020AABDF14EFA5DC49FEEBBBCBF19710F104119F511B2690DB74AA44CB64
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(?,00000004,0000800C,00198744,00000000,BE732AEF,?,?,?,00000000), ref: 00199395
                                                                                                                                                                            • CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 001993DC
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to determine digest size!), ref: 0019940A
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00199422
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to retrieve digest!,?,001BB144,00000000), ref: 0019942C
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00199444
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to retrieve digest!, xrefs: 00199427
                                                                                                                                                                            • Unable to determine digest size!, xrefs: 00199405
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CryptErrorException@8HashLastParamThrow
                                                                                                                                                                            • String ID: Unable to determine digest size!$Unable to retrieve digest!
                                                                                                                                                                            • API String ID: 2498184597-199986585
                                                                                                                                                                            • Opcode ID: f768a110a9b88d3f66743432f9c26a437ce1971d522b97a1ac3027fb4f0da471
                                                                                                                                                                            • Instruction ID: 1645af60a4a30d34fb0e55476517a2877332ed48a9f2c42a8e397028b9d5f8b9
                                                                                                                                                                            • Opcode Fuzzy Hash: f768a110a9b88d3f66743432f9c26a437ce1971d522b97a1ac3027fb4f0da471
                                                                                                                                                                            • Instruction Fuzzy Hash: CF314D71A40209ABDB10DF94DD46FEEBBBCEF09704F10411AF511A3680DB746A44CBA4
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __floor_pentium4
                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                            • API String ID: 4168288129-2761157908
                                                                                                                                                                            • Opcode ID: cb8f8f5bb525e754ee9a8ad9e81f90fe6aca3383379e62bfedcb861dce482005
                                                                                                                                                                            • Instruction ID: bf8b1dcae9772a18c3a0c1e0cfb80e58bef98e0d38b8f3fc9cd20340af382255
                                                                                                                                                                            • Opcode Fuzzy Hash: cb8f8f5bb525e754ee9a8ad9e81f90fe6aca3383379e62bfedcb861dce482005
                                                                                                                                                                            • Instruction Fuzzy Hash: 97C24D75E086288FDF29CE28ED407EAB7B5EB46305F1541EAD44EE7640E774AE818F40
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 001994E2
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to update hash context!), ref: 001994F7
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0019950F
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to update hash context!, xrefs: 001994F2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CryptDataErrorException@8HashLastThrow
                                                                                                                                                                            • String ID: Unable to update hash context!
                                                                                                                                                                            • API String ID: 913647941-2364437153
                                                                                                                                                                            • Opcode ID: ecf5031d07529fb1cd3cddaa15cc8ffbecddf43d0d751f3d21acb0f893146f97
                                                                                                                                                                            • Instruction ID: 08429bc24c9054a0074872e19641272de005d602584bccc061718be0b33787e9
                                                                                                                                                                            • Opcode Fuzzy Hash: ecf5031d07529fb1cd3cddaa15cc8ffbecddf43d0d751f3d21acb0f893146f97
                                                                                                                                                                            • Instruction Fuzzy Hash: 75E04F316402197BCB10BFA8DD4AEAEBB6CBF14700F408554F925A6491EB71E924CB94
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 0019F034
                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0019F03B
                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 0019F058
                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0019F05F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Heap$FreeProcess
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3859560861-0
                                                                                                                                                                            • Opcode ID: 42db3fd6f21bf55f84800ac40e5201ef395888b2c603e19728b9507c42f10a7c
                                                                                                                                                                            • Instruction ID: 80511249c1d04d2de114e1cd3ebd6e6f254a472d6a102eafac3abea9a400f3fd
                                                                                                                                                                            • Opcode Fuzzy Hash: 42db3fd6f21bf55f84800ac40e5201ef395888b2c603e19728b9507c42f10a7c
                                                                                                                                                                            • Instruction Fuzzy Hash: 3A715C72D00229ABDF21DBE4DC85AEFB7FDAB18314F494129ED10E7201E7759D468BA0
                                                                                                                                                                            APIs
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 001A456E
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 001A4578
                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 001A4585
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                            • Opcode ID: 5d8c41dad6b628dbaca5c0202e3b98817460c7329d7f74292deaa4525f4a7ceb
                                                                                                                                                                            • Instruction ID: 8a299bba0daedd34ae848e6d894f3cc803763d7d4287542f00c983551800eec3
                                                                                                                                                                            • Opcode Fuzzy Hash: 5d8c41dad6b628dbaca5c0202e3b98817460c7329d7f74292deaa4525f4a7ceb
                                                                                                                                                                            • Instruction Fuzzy Hash: D031C67490121CABCB21DF64D88979DBBB8BF59310F5042EAE41CA7251E7709F858F44
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,?,001A7C30,00000000,001BBA28,0000000C,001A7D87,00000000,00000002,00000000), ref: 001A7C7B
                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,001A7C30,00000000,001BBA28,0000000C,001A7D87,00000000,00000002,00000000), ref: 001A7C82
                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 001A7C94
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                            • Opcode ID: 9eed6f7d6dcae391af981fd4c3cf1d3ae2d5d3e3c376773ef0689adb3b1f2cd7
                                                                                                                                                                            • Instruction ID: 102a00673294abdbff740d2ae186c0cee24c3c51f4e153679f0f425f79813698
                                                                                                                                                                            • Opcode Fuzzy Hash: 9eed6f7d6dcae391af981fd4c3cf1d3ae2d5d3e3c376773ef0689adb3b1f2cd7
                                                                                                                                                                            • Instruction Fuzzy Hash: 44E08C35008248AFCF027F14DD09A883F6AEF26361F000110F8288A972CB35EF96CB80
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: /
                                                                                                                                                                            • API String ID: 0-2043925204
                                                                                                                                                                            • Opcode ID: 74c24c74a01abfee17ff827618843f7dccc4dcdfb7c786d66a8c787350fac96d
                                                                                                                                                                            • Instruction ID: 6a710b196d1113b0ae67d5ffceda179ba2cd154d03898de371937da5ff6ff32c
                                                                                                                                                                            • Opcode Fuzzy Hash: 74c24c74a01abfee17ff827618843f7dccc4dcdfb7c786d66a8c787350fac96d
                                                                                                                                                                            • Instruction Fuzzy Hash: 7141287AA002186FCB249FB9CC89EBB77B8EF86710F504269F905C7180E7719E81CB54
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: fc19ff811716e5acc633d6ea21d52563c799f43d77a3da49040b1faa70805c1c
                                                                                                                                                                            • Instruction ID: 0294f9f4ece2c76f1d217d425593838d651380cfaf7723a8a6a515f5df63fbc2
                                                                                                                                                                            • Opcode Fuzzy Hash: fc19ff811716e5acc633d6ea21d52563c799f43d77a3da49040b1faa70805c1c
                                                                                                                                                                            • Instruction Fuzzy Hash: E5022B75E002199FDF14CFA9C8906AEBBF1EF89324F25826AD819E7344D731A9418BD0
                                                                                                                                                                            APIs
                                                                                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,001B1267,?,?,00000008,?,?,001B0F07,00000000), ref: 001B1499
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionRaise
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3997070919-0
                                                                                                                                                                            • Opcode ID: 9c117de4f314fa5a0687ca1f143e2f8f83f451c4ec097022fc61a95cdd227954
                                                                                                                                                                            • Instruction ID: ae0f66423627297b80ef8ac34f211b67cddd73b47fb90b53eae658fcd489a587
                                                                                                                                                                            • Opcode Fuzzy Hash: 9c117de4f314fa5a0687ca1f143e2f8f83f451c4ec097022fc61a95cdd227954
                                                                                                                                                                            • Instruction Fuzzy Hash: 2EB15131610608EFD719CF28C49ABA57BE0FF45365F668698E8DACF2A1C335D991CB40
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptDestroyHash.ADVAPI32(?,BE732AEF,?,?,001B20F0,000000FF), ref: 00198296
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CryptDestroyHash
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 174375392-0
                                                                                                                                                                            • Opcode ID: d6b30cf3d3c892967a41423af9fe5802c6a185af3d4f370dbdc1c8f3c318d415
                                                                                                                                                                            • Instruction ID: 39429fc67f8fb79e91cb76c0393225ca46a6c7d2da266f4719941d811f5cd9b6
                                                                                                                                                                            • Opcode Fuzzy Hash: d6b30cf3d3c892967a41423af9fe5802c6a185af3d4f370dbdc1c8f3c318d415
                                                                                                                                                                            • Instruction Fuzzy Hash: 3EF09071604644ABDB10DF58C910B9AB3ECEB09710F00065AEC15D3780DB76AD04C790
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(0513B0F8,00000000), ref: 001B266C
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ContextCryptRelease
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 829835001-0
                                                                                                                                                                            • Opcode ID: 7efca9ff3dcafbd06e8a90a5f4a701047550035c6058a5017969bbef8c7c1ed9
                                                                                                                                                                            • Instruction ID: a8339aff67ad9184313568b3dbb05937de39584fb08691ce85dbc74673ce1329
                                                                                                                                                                            • Opcode Fuzzy Hash: 7efca9ff3dcafbd06e8a90a5f4a701047550035c6058a5017969bbef8c7c1ed9
                                                                                                                                                                            • Instruction Fuzzy Hash: F9B0127074020057DE209B33ED09B5233AC6B00700F004100FA10D14B0D734D948C524
                                                                                                                                                                            APIs
                                                                                                                                                                            • CryptReleaseContext.ADVAPI32(00000000,00000000,?,001983E7,00000000,?,?,?,00000000,00000004,?,00198744,0000800C,BE732AEF,?), ref: 00198EF8
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ContextCryptRelease
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 829835001-0
                                                                                                                                                                            • Opcode ID: c1809e5d9c34b8ec3f99c61efff43a77c051806e0516211af2b4828c1fea8700
                                                                                                                                                                            • Instruction ID: 26b9fe48b28ab19157b4b388434a2651ea91e43008d457ccde12e76a0966bf11
                                                                                                                                                                            • Opcode Fuzzy Hash: c1809e5d9c34b8ec3f99c61efff43a77c051806e0516211af2b4828c1fea8700
                                                                                                                                                                            • Instruction Fuzzy Hash: 70B0123108020CB7C6102B42EC05F45BF2CDB10750F004021F7040447087726570A5A9
                                                                                                                                                                            APIs
                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000112A0,001A0755), ref: 001A1297
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                            • Opcode ID: a69fcc4c3c6f937a857a03e3924114d66d12d4cc7204d8f40852dd6d1177988e
                                                                                                                                                                            • Instruction ID: a7db0bd3127a0c4de86818e9af56ed90486ff86bce9f44c27b555f00c2719115
                                                                                                                                                                            • Opcode Fuzzy Hash: a69fcc4c3c6f937a857a03e3924114d66d12d4cc7204d8f40852dd6d1177988e
                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 6cb8ef0b86a3243112646fb8828a6b0cf2864888d8dbc5a2585753582f47f68d
                                                                                                                                                                            • Instruction ID: fa574a9ec0d8221d64dee2693f91b18011b50a9e255a18399a0ed64a3a7b2f98
                                                                                                                                                                            • Opcode Fuzzy Hash: 6cb8ef0b86a3243112646fb8828a6b0cf2864888d8dbc5a2585753582f47f68d
                                                                                                                                                                            • Instruction Fuzzy Hash: 0EA1BE71E04215DBCF18CF68E8919BEB7F5FF48304B25462AE81AE7391D730A940CBA4
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: e515ecb4c6a47625f20899894a08e05c05d4fb4b0c72924dfe9e368ea92657cf
                                                                                                                                                                            • Instruction ID: bc1ca3dc2b943526c03ae2306111d534924e0c462997fc2a0866fbd7191eb0c4
                                                                                                                                                                            • Opcode Fuzzy Hash: e515ecb4c6a47625f20899894a08e05c05d4fb4b0c72924dfe9e368ea92657cf
                                                                                                                                                                            • Instruction Fuzzy Hash: B1617B7D61070857DF389AA889AABBE738DDF53718F5C041AE883DB2C2D729DD468311
                                                                                                                                                                            APIs
                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00191362
                                                                                                                                                                            • PostQuitMessage.USER32(00000002), ref: 0019136A
                                                                                                                                                                            • DestroyWindow.USER32(?), ref: 00191386
                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 0019138E
                                                                                                                                                                            • DestroyWindow.USER32 ref: 001913AF
                                                                                                                                                                            • DestroyWindow.USER32 ref: 001913BB
                                                                                                                                                                            • DestroyWindow.USER32 ref: 001913C7
                                                                                                                                                                            • DestroyWindow.USER32 ref: 001913D3
                                                                                                                                                                            • DestroyWindow.USER32 ref: 001913DF
                                                                                                                                                                            • DestroyWindow.USER32 ref: 001913EB
                                                                                                                                                                            • DeleteObject.GDI32 ref: 001913F7
                                                                                                                                                                            • DeleteObject.GDI32 ref: 00191403
                                                                                                                                                                            • DeleteObject.GDI32 ref: 0019140F
                                                                                                                                                                            • DestroyIcon.USER32 ref: 0019141B
                                                                                                                                                                            • SystemParametersInfoW.USER32(00000029,000001F4,000001F4,00000000), ref: 00191460
                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 0019146A
                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 00191491
                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 001914B8
                                                                                                                                                                            • LoadImageW.USER32(00000064,00000001,00000030,00000030,00000000), ref: 00191669
                                                                                                                                                                            • CreateWindowExW.USER32(00000000,STATIC,00000000,50000003,00000010,00000010,00000030,00000030,?,00000000,00000000), ref: 00191695
                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000001), ref: 001916AE
                                                                                                                                                                            • CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000050,?,?,?,?,00000000,00000000), ref: 001916ED
                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00191703
                                                                                                                                                                            • CreateWindowExW.USER32(00000000,STATIC,?,50000000,?,?,?,?,?,00000000,00000000), ref: 00191746
                                                                                                                                                                            • CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000010,?,?,?,?,00000000,00000000), ref: 00191787
                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000), ref: 001917A2
                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000), ref: 001917B8
                                                                                                                                                                              • Part of subcall function 00193B30: LoadStringW.USER32(00190000,00000000,00000000,00000000), ref: 00193B55
                                                                                                                                                                            • CreateWindowExW.USER32(00000000,BUTTON,00000000,50010001,00000010,?,?,?,?,00000000,00000000), ref: 00191810
                                                                                                                                                                            • CreateWindowExW.USER32(00000000,BUTTON,00000000,50010000,?,?,?,?,?,00000000,00000000), ref: 00191851
                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000), ref: 0019186C
                                                                                                                                                                            • SendMessageW.USER32(00000030,00000000), ref: 00191882
                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00191898
                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 001918EB
                                                                                                                                                                            • SetFocus.USER32 ref: 001918F7
                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 0019190C
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Window$CreateDestroy$Message$Send$DeleteFontIndirectObject$InfoLoadParametersPostQuitSystem$FocusIconImageProcString
                                                                                                                                                                            • String ID: BUTTON$STATIC
                                                                                                                                                                            • API String ID: 2791220612-3385952364
                                                                                                                                                                            • Opcode ID: af477f86ba4d45fdc1d41620c6e734cb5f47344d14442df723ae7a0de35d8295
                                                                                                                                                                            • Instruction ID: cf5599bcdad126d7641576f463575ba7812ef18d5bdb46a82d279422b8cd0636
                                                                                                                                                                            • Opcode Fuzzy Hash: af477f86ba4d45fdc1d41620c6e734cb5f47344d14442df723ae7a0de35d8295
                                                                                                                                                                            • Instruction Fuzzy Hash: BB02B171A41219AFEF619FA4DC49BE9BBB4FF48300F004399F619A66A0D7706AD4CF10
                                                                                                                                                                            APIs
                                                                                                                                                                            • #17.COMCTL32(BE732AEF), ref: 00191C33
                                                                                                                                                                            • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000040), ref: 00191C6A
                                                                                                                                                                            • LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00191C85
                                                                                                                                                                              • Part of subcall function 00193B30: LoadStringW.USER32(00190000,00000000,00000000,00000000), ref: 00193B55
                                                                                                                                                                            • GetSystemMetrics.USER32(00000032), ref: 00191CAE
                                                                                                                                                                            • GetSystemMetrics.USER32(00000031), ref: 00191CB8
                                                                                                                                                                            • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00191CC7
                                                                                                                                                                            • RegisterClassExW.USER32(?), ref: 00191CE3
                                                                                                                                                                            • CreateWindowExW.USER32(00000000,?,00000000,90880000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00191D05
                                                                                                                                                                            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00191D1B
                                                                                                                                                                            • IsDialogMessageW.USER32(00000000,?), ref: 00191D2F
                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00191D3D
                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00191D47
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: LoadMessage$Image$MetricsSystem$ClassCreateDialogDispatchRegisterStringTranslateWindow
                                                                                                                                                                            • String ID: 0
                                                                                                                                                                            • API String ID: 2026041735-4108050209
                                                                                                                                                                            • Opcode ID: 5a47eb365cc249df95c26e37918003a44bc9702bd5bf1770045ef91df3643851
                                                                                                                                                                            • Instruction ID: c2d488da517200c54009f6608dcf172a3ffd7b9a15daa773ba6034fd9bbb1361
                                                                                                                                                                            • Opcode Fuzzy Hash: 5a47eb365cc249df95c26e37918003a44bc9702bd5bf1770045ef91df3643851
                                                                                                                                                                            • Instruction Fuzzy Hash: 9F413371A40359BFEB209FE0DC49BAEBBB8FB04710F104255F915AB6D0D7746A44CB50
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___free_lconv_mon.LIBCMT ref: 001ABBEB
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB87B
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB88D
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB89F
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB8B1
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB8C3
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB8D5
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB8E7
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB8F9
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB90B
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB91D
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB92F
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB941
                                                                                                                                                                              • Part of subcall function 001AB85E: _free.LIBCMT ref: 001AB953
                                                                                                                                                                            • _free.LIBCMT ref: 001ABBE0
                                                                                                                                                                              • Part of subcall function 001A8DE9: HeapFree.KERNEL32(00000000,00000000,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?), ref: 001A8DFF
                                                                                                                                                                              • Part of subcall function 001A8DE9: GetLastError.KERNEL32(?,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?,?), ref: 001A8E11
                                                                                                                                                                            • _free.LIBCMT ref: 001ABC02
                                                                                                                                                                            • _free.LIBCMT ref: 001ABC17
                                                                                                                                                                            • _free.LIBCMT ref: 001ABC22
                                                                                                                                                                            • _free.LIBCMT ref: 001ABC44
                                                                                                                                                                            • _free.LIBCMT ref: 001ABC57
                                                                                                                                                                            • _free.LIBCMT ref: 001ABC65
                                                                                                                                                                            • _free.LIBCMT ref: 001ABC70
                                                                                                                                                                            • _free.LIBCMT ref: 001ABCA8
                                                                                                                                                                            • _free.LIBCMT ref: 001ABCAF
                                                                                                                                                                            • _free.LIBCMT ref: 001ABCCC
                                                                                                                                                                            • _free.LIBCMT ref: 001ABCE4
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 161543041-0
                                                                                                                                                                            • Opcode ID: df52f90f4b2d3c407bd1548dece484976828fb72c7056c95de03e9a9e459c6cb
                                                                                                                                                                            • Instruction ID: 9adbb927e0a714a0c63506dfe050dd12e174efe2a937e438967999b6fdba1412
                                                                                                                                                                            • Opcode Fuzzy Hash: df52f90f4b2d3c407bd1548dece484976828fb72c7056c95de03e9a9e459c6cb
                                                                                                                                                                            • Instruction Fuzzy Hash: 28315079508341AFEB20AA79E885F5A77E8EF22320F144429F448D7196DF75EC808B60
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00198080: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 0019809B
                                                                                                                                                                              • Part of subcall function 00198080: GetProcAddress.KERNEL32(00000000), ref: 001980A2
                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,000000C1), ref: 00195593
                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,00000000), ref: 001955A2
                                                                                                                                                                            • CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 001955D9
                                                                                                                                                                            • GetLastError.KERNEL32 ref: 001955E9
                                                                                                                                                                            • InterlockedExchange.KERNEL32(?,00000420), ref: 00195602
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 001975E3
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 001975F4
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00197605
                                                                                                                                                                            • _wcsrchr.LIBVCRUNTIME ref: 001976A1
                                                                                                                                                                            • _wcsrchr.LIBVCRUNTIME ref: 001976B3
                                                                                                                                                                            • CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 001976EF
                                                                                                                                                                            • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00197707
                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 00197718
                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0019771F
                                                                                                                                                                              • Part of subcall function 00193B70: #17.COMCTL32 ref: 00193B84
                                                                                                                                                                              • Part of subcall function 00193B70: LoadStringW.USER32(00190000,000003E9,?,00000000), ref: 00193BA1
                                                                                                                                                                              • Part of subcall function 00193B70: LoadStringW.USER32(00190000,?,?,00000000), ref: 00193BBA
                                                                                                                                                                              • Part of subcall function 00193B70: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00193BCF
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Handle$Close$ExchangeInterlocked$CreateLoadMutexString_wcsrchr$AddressCopyErrorFileHardLastLinkMessageModuleProcRelease
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3636221856-0
                                                                                                                                                                            • Opcode ID: 4867751d2e129a191937332d51a94719195ebd308ad7e98bffab58a1f1646d8f
                                                                                                                                                                            • Instruction ID: 1c4bc9788e79914a82bc0af9fde637f9351eebc585c9bdde24a09b506d86ffcf
                                                                                                                                                                            • Opcode Fuzzy Hash: 4867751d2e129a191937332d51a94719195ebd308ad7e98bffab58a1f1646d8f
                                                                                                                                                                            • Instruction Fuzzy Hash: 67515975A14228ABEF21EBA4DC46FDD77B8AF15704F0401E5F409A3191EB70AF858F61
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateSolidBrush.GDI32(00824049), ref: 00192021
                                                                                                                                                                            • CreateSolidBrush.GDI32(00362620), ref: 00192042
                                                                                                                                                                            • CreateSolidBrush.GDI32(00DBDBDA), ref: 00192054
                                                                                                                                                                            • CreateSolidBrush.GDI32(00F67000), ref: 00192064
                                                                                                                                                                            • BeginPaint.USER32(?,?), ref: 00192074
                                                                                                                                                                            • FillRect.USER32(?,?), ref: 001920E3
                                                                                                                                                                            • FillRect.USER32(?,?), ref: 0019210D
                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 00192118
                                                                                                                                                                            • CreateSolidBrush.GDI32(003F382C), ref: 0019214E
                                                                                                                                                                            • CreateSolidBrush.GDI32(00FF9640), ref: 0019218A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: BrushCreateSolid$FillPaintRect$Begin
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2220257389-0
                                                                                                                                                                            • Opcode ID: 7257e669fccf5f71fcf87cdb7c67dc89094aea6edaf9cce1cba346944877edc2
                                                                                                                                                                            • Instruction ID: c6132a8e23dd67bb58a461273ea5207e810e665780d73f0f91107336d5ba9756
                                                                                                                                                                            • Opcode Fuzzy Hash: 7257e669fccf5f71fcf87cdb7c67dc89094aea6edaf9cce1cba346944877edc2
                                                                                                                                                                            • Instruction Fuzzy Hash: 42518F75A40208EFDF11DFB8E8858A977B4FF19304B144326F916E7661E730AA98CB51
                                                                                                                                                                            APIs
                                                                                                                                                                            • _free.LIBCMT ref: 001A89C5
                                                                                                                                                                              • Part of subcall function 001A8DE9: HeapFree.KERNEL32(00000000,00000000,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?), ref: 001A8DFF
                                                                                                                                                                              • Part of subcall function 001A8DE9: GetLastError.KERNEL32(?,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?,?), ref: 001A8E11
                                                                                                                                                                            • _free.LIBCMT ref: 001A89D1
                                                                                                                                                                            • _free.LIBCMT ref: 001A89DC
                                                                                                                                                                            • _free.LIBCMT ref: 001A89E7
                                                                                                                                                                            • _free.LIBCMT ref: 001A89F2
                                                                                                                                                                            • _free.LIBCMT ref: 001A89FD
                                                                                                                                                                            • _free.LIBCMT ref: 001A8A08
                                                                                                                                                                            • _free.LIBCMT ref: 001A8A13
                                                                                                                                                                            • _free.LIBCMT ref: 001A8A1E
                                                                                                                                                                            • _free.LIBCMT ref: 001A8A2C
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                            • Opcode ID: 171c4a47be66b5e03046ae4b67e8467679ee8979cfc76fa6581b98e61eadc2d7
                                                                                                                                                                            • Instruction ID: 8739a4a251818fec3ab98c23eb70b5dd255b177fe0c1ca5f31cc1bacb8fad7ed
                                                                                                                                                                            • Opcode Fuzzy Hash: 171c4a47be66b5e03046ae4b67e8467679ee8979cfc76fa6581b98e61eadc2d7
                                                                                                                                                                            • Instruction Fuzzy Hash: B01163BE511108FFCB01EFD5DD42DD93FA5EF25350B5141A6BA088B2A2DB31EA50DB80
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 0019809B
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 001980A2
                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?), ref: 001980D1
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to determine native architecture of the system!, xrefs: 00198101
                                                                                                                                                                            • IsWow64Process2, xrefs: 00198091
                                                                                                                                                                            • kernel32, xrefs: 00198096
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                            • String ID: IsWow64Process2$Unable to determine native architecture of the system!$kernel32
                                                                                                                                                                            • API String ID: 4190356694-2412497375
                                                                                                                                                                            • Opcode ID: b57cfb47388ee21c6a001f3ee5456177b94a68bbe86ee849fe40756111377731
                                                                                                                                                                            • Instruction ID: 2192b08669fb1cf2099af7bbd8b7b37eca6121bbbbd6bfa4846ef9490dde35c9
                                                                                                                                                                            • Opcode Fuzzy Hash: b57cfb47388ee21c6a001f3ee5456177b94a68bbe86ee849fe40756111377731
                                                                                                                                                                            • Instruction Fuzzy Hash: 4A116135E00218ABCF15AFF8ED559EE77B8EF09700B004296F815D3691DF349A948B91
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetProcessHeap.KERNEL32 ref: 00191115
                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000000,?), ref: 0019111F
                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000100), ref: 00191157
                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0019115E
                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000060), ref: 0019116D
                                                                                                                                                                            • lstrcpyW.KERNEL32(?,\b86362a5.exe), ref: 00191187
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Heap$AllocProcess$DirectorySystemlstrcpy
                                                                                                                                                                            • String ID: \b86362a5.exe
                                                                                                                                                                            • API String ID: 2190664303-3123522761
                                                                                                                                                                            • Opcode ID: 2df7606397ac8a6df874a2c8d6a98d054e2143a3da5611b796f65a18ca94a4fa
                                                                                                                                                                            • Instruction ID: aad957f08330af661e7d978d93a109eef15c1718b4a153889c1fb56277c86173
                                                                                                                                                                            • Opcode Fuzzy Hash: 2df7606397ac8a6df874a2c8d6a98d054e2143a3da5611b796f65a18ca94a4fa
                                                                                                                                                                            • Instruction Fuzzy Hash: 2B11A776A00712BBD710AFA9DC45A66BBECFF18710B04022AF90597A50D771E8A0C7E4
                                                                                                                                                                            APIs
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,001A90FB,00000001,00000001,8B000053), ref: 001A8F04
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 001A8F3C
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,001A90FB,00000001,00000001,8B000053,BE732AEF,?,?), ref: 001A8F8A
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 001A9021
                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,BE732AEF,8B000053,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 001A9084
                                                                                                                                                                            • __freea.LIBCMT ref: 001A9091
                                                                                                                                                                              • Part of subcall function 001A8E23: HeapAlloc.KERNEL32(00000000,?,?,?,001A2AA0,?,?,?,?,?,00197DDD,?,?), ref: 001A8E55
                                                                                                                                                                            • __freea.LIBCMT ref: 001A909A
                                                                                                                                                                            • __freea.LIBCMT ref: 001A90BF
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2597970681-0
                                                                                                                                                                            • Opcode ID: e49db81028a098242a8517ebfbefca1cfe39999d403801010aa34e46ea290aaf
                                                                                                                                                                            • Instruction ID: 9777b8671a8c9b9d3669a3e7a617e891f3ffdfca8906148bc5aeb767cb2523f6
                                                                                                                                                                            • Opcode Fuzzy Hash: e49db81028a098242a8517ebfbefca1cfe39999d403801010aa34e46ea290aaf
                                                                                                                                                                            • Instruction Fuzzy Hash: 2F51F076610206AFEB259F74CD81EBB7BAEEF467A0F154628FC05D6141EB34DC80C6A0
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,001AF652,00000000,00000000,00000000,00000000,00000000,001A67BA), ref: 001AEF1F
                                                                                                                                                                            • __fassign.LIBCMT ref: 001AEF9A
                                                                                                                                                                            • __fassign.LIBCMT ref: 001AEFB5
                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 001AEFDB
                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,00000000,001AF652,00000000,?,?,?,?,?,?,?,?,?,001AF652,00000000), ref: 001AEFFA
                                                                                                                                                                            • WriteFile.KERNEL32(?,00000000,00000001,001AF652,00000000,?,?,?,?,?,?,?,?,?,001AF652,00000000), ref: 001AF033
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1324828854-0
                                                                                                                                                                            • Opcode ID: d552b78f1194e739d3d36bd0d8224c0cd9e92e439ad96079a1ee1b795486c413
                                                                                                                                                                            • Instruction ID: 0c2e1a9494095496b175e6bc97b7b6e28cb12c113bdeb8cb3e09c7ce5dbe497c
                                                                                                                                                                            • Opcode Fuzzy Hash: d552b78f1194e739d3d36bd0d8224c0cd9e92e439ad96079a1ee1b795486c413
                                                                                                                                                                            • Instruction Fuzzy Hash: 8D51A174A002499FCB10CFA8DC45AEEBBF9EF0A310F14416AF551E7292D7309941CB60
                                                                                                                                                                            APIs
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 001A1DAB
                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 001A1DB3
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 001A1E41
                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 001A1E6C
                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 001A1EC1
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                            • Opcode ID: 0bdd7de2e80f148ef829ef8f04ecd6410a6468b7fe2a68907f0fc53f53226400
                                                                                                                                                                            • Instruction ID: 9ba4bcf7152731a16b6f4249b44595b15902d9529c346e4f3c316c1d41d4840a
                                                                                                                                                                            • Opcode Fuzzy Hash: 0bdd7de2e80f148ef829ef8f04ecd6410a6468b7fe2a68907f0fc53f53226400
                                                                                                                                                                            • Instruction Fuzzy Hash: B241A13CA00218ABCF11DF68C884ADEBBB5BF56324F148155EC14AB392D771DE15CB90
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___from_strstr_to_strchr.LIBCMT ref: 0019D90A
                                                                                                                                                                              • Part of subcall function 00197DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00197DD8
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0019D997
                                                                                                                                                                              • Part of subcall function 001A203A: RaiseException.KERNEL32(?,?,00198071,?,?,?,?,?,?,?,?,00198071,?,001BB144,00000000), ref: 001A209A
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0019D9B2
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Exception@8Throw$ExceptionRaise___from_strstr_to_strchr___std_exception_copy
                                                                                                                                                                            • String ID: 0123456789ABCDEF$Unable to convert invalid hexadecimal character!$Unable to convert invalid hexadecimal string!
                                                                                                                                                                            • API String ID: 2723989866-230084144
                                                                                                                                                                            • Opcode ID: b662821eff9a6915958c89df6c227278de3e2c53e517fe9408f9dfb7b73182fb
                                                                                                                                                                            • Instruction ID: df5fc2ae3c531755050c279a02407e9c2f6bbeaee87ad5c74dae1f95bc576efb
                                                                                                                                                                            • Opcode Fuzzy Hash: b662821eff9a6915958c89df6c227278de3e2c53e517fe9408f9dfb7b73182fb
                                                                                                                                                                            • Instruction Fuzzy Hash: 91412070A04609AFCF14DFA8C691BEEBBF8EF15714F108129E455B7682D774E944CBA0
                                                                                                                                                                            APIs
                                                                                                                                                                            • FindResourceW.KERNEL32(00190000,EDAT_ECOO,0000000A), ref: 00193294
                                                                                                                                                                            • LoadResource.KERNEL32(00190000,00000000), ref: 001932AB
                                                                                                                                                                            • SizeofResource.KERNEL32(00190000,00000000), ref: 001932B9
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$FindLoadSizeof
                                                                                                                                                                            • String ID: $@$EDAT_ECOO
                                                                                                                                                                            • API String ID: 507330600-2393187713
                                                                                                                                                                            • Opcode ID: ef079280dd0962ee7f1fcc66513a0137082c96fc564f9171a391db475d80bd3c
                                                                                                                                                                            • Instruction ID: 920f19bf35b87e3a443495fb593c251f9ef488dec126f6d0db83183b78d7a442
                                                                                                                                                                            • Opcode Fuzzy Hash: ef079280dd0962ee7f1fcc66513a0137082c96fc564f9171a391db475d80bd3c
                                                                                                                                                                            • Instruction Fuzzy Hash: D6313832A90B52D7DF308F7888D5669B3A1BF95384705472EF45697502EF70AB948340
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 001AB9C5: _free.LIBCMT ref: 001AB9EE
                                                                                                                                                                            • _free.LIBCMT ref: 001ABA4F
                                                                                                                                                                              • Part of subcall function 001A8DE9: HeapFree.KERNEL32(00000000,00000000,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?), ref: 001A8DFF
                                                                                                                                                                              • Part of subcall function 001A8DE9: GetLastError.KERNEL32(?,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?,?), ref: 001A8E11
                                                                                                                                                                            • _free.LIBCMT ref: 001ABA5A
                                                                                                                                                                            • _free.LIBCMT ref: 001ABA65
                                                                                                                                                                            • _free.LIBCMT ref: 001ABAB9
                                                                                                                                                                            • _free.LIBCMT ref: 001ABAC4
                                                                                                                                                                            • _free.LIBCMT ref: 001ABACF
                                                                                                                                                                            • _free.LIBCMT ref: 001ABADA
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                            • Opcode ID: dc5d96b687ae4ce69053fd4d6e2136e2519ea8f0b48376b875dcd5d2fa60128c
                                                                                                                                                                            • Instruction ID: 66bf6234f6a9bbf303f94d26463185a2ff3395d76c1375aca0348853e6960cc6
                                                                                                                                                                            • Opcode Fuzzy Hash: dc5d96b687ae4ce69053fd4d6e2136e2519ea8f0b48376b875dcd5d2fa60128c
                                                                                                                                                                            • Instruction Fuzzy Hash: 54115BB9945B48BAE620BBB0CC87FDB779CAF23701F404815B39AA60D3DB65B5048690
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,001A2FF1,001A2215), ref: 001A3008
                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 001A3016
                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001A302F
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,001A2FF1,001A2215), ref: 001A3081
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                            • Opcode ID: 65648be441d9df81b9661b3e42aef52d0ce8a8ffbeb89b39ca4da7d43274cdbf
                                                                                                                                                                            • Instruction ID: 31e081f76404ac58300577c16c5df5bd518317f7dd1988e6ccad74ac1fe082eb
                                                                                                                                                                            • Opcode Fuzzy Hash: 65648be441d9df81b9661b3e42aef52d0ce8a8ffbeb89b39ca4da7d43274cdbf
                                                                                                                                                                            • Instruction Fuzzy Hash: 2001D43A2087116EA62536747E857AB77B4DB137753200329F230910F0EF914D416241
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,001A4E11,?,?,?,001A52E9,BE732AEF,00000000,?,0019D904,0123456789ABCDEF,BE732AEF,?,?,00000000), ref: 001A8AA9
                                                                                                                                                                            • _free.LIBCMT ref: 001A8ADC
                                                                                                                                                                            • _free.LIBCMT ref: 001A8B04
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,001A52E9,BE732AEF,00000000,?,0019D904,0123456789ABCDEF,BE732AEF,?,?,00000000,00198722), ref: 001A8B11
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,001A52E9,BE732AEF,00000000,?,0019D904,0123456789ABCDEF,BE732AEF,?,?,00000000,00198722), ref: 001A8B1D
                                                                                                                                                                            • _abort.LIBCMT ref: 001A8B23
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3160817290-0
                                                                                                                                                                            • Opcode ID: d7a1fd9cfbd5720d2596a01a11137a6d9cf129fb3434d3cc84bb17845c5f4184
                                                                                                                                                                            • Instruction ID: 43141df5e938279fb011961b3d6ca695864220842b046e2f3a7cf1b1182c2c9f
                                                                                                                                                                            • Opcode Fuzzy Hash: d7a1fd9cfbd5720d2596a01a11137a6d9cf129fb3434d3cc84bb17845c5f4184
                                                                                                                                                                            • Instruction Fuzzy Hash: CFF02D7E240A003BC2027378AC0AF6F2A69AFE3730F250626F925D36D3EF6188524120
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to decode base64 string!), ref: 00198FD7
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00198FEF
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to decode base64 string!,?,001BB144,00000000), ref: 00198FF9
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00199011
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorException@8LastThrow
                                                                                                                                                                            • String ID: Unable to decode base64 string!
                                                                                                                                                                            • API String ID: 1006195485-979745446
                                                                                                                                                                            • Opcode ID: d471bfbd0e68108abdc603b667166608d0ae9f05bfda48018ed06b61392a8cef
                                                                                                                                                                            • Instruction ID: 86c292fbaa8b41c7f645ee9c044d8b237043bdcaff2aa020b99839e9cc676342
                                                                                                                                                                            • Opcode Fuzzy Hash: d471bfbd0e68108abdc603b667166608d0ae9f05bfda48018ed06b61392a8cef
                                                                                                                                                                            • Instruction Fuzzy Hash: E1318D74A44219ABDB20DF95DC46FEEBBB8FF09B00F104119F511A72C0DBB4A544CBA4
                                                                                                                                                                            APIs
                                                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 00193BF5
                                                                                                                                                                              • Part of subcall function 001A059D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 001A05A9
                                                                                                                                                                              • Part of subcall function 001A059D: __CxxThrowException@8.LIBVCRUNTIME ref: 001A05B7
                                                                                                                                                                            • std::_Xinvalid_argument.LIBCPMT ref: 00193C05
                                                                                                                                                                              • Part of subcall function 001A05BD: std::invalid_argument::invalid_argument.LIBCONCRT ref: 001A05C9
                                                                                                                                                                              • Part of subcall function 001A05BD: __CxxThrowException@8.LIBVCRUNTIME ref: 001A05D7
                                                                                                                                                                              • Part of subcall function 001A05BD: ___delayLoadHelper2@8.DELAYIMP ref: 001A05EF
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument$Helper2@8Load___delay
                                                                                                                                                                            • String ID: invalid string_view position$string too long$vector<T> too long
                                                                                                                                                                            • API String ID: 1134749845-2832074639
                                                                                                                                                                            • Opcode ID: f08471eeb4906407089cb499525930d969a5100979e5e907b822d06f79b67740
                                                                                                                                                                            • Instruction ID: 0122dac1e8a14547687608e4423edbc7d83a07629094282ba651cdf21745b26d
                                                                                                                                                                            • Opcode Fuzzy Hash: f08471eeb4906407089cb499525930d969a5100979e5e907b822d06f79b67740
                                                                                                                                                                            • Instruction Fuzzy Hash: B9F05C70500A0C4A8B0CA3309C078A833859D1A334B60072AF835C64D1DF20EF158922
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,001A7C90,00000000,?,001A7C30,00000000,001BBA28,0000000C,001A7D87,00000000,00000002), ref: 001A7CFF
                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 001A7D12
                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,001A7C90,00000000,?,001A7C30,00000000,001BBA28,0000000C,001A7D87,00000000,00000002), ref: 001A7D35
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                            • Opcode ID: 133470678ad095ca5070f767a572146cf3155c00327474607b19fa2117c1a0ec
                                                                                                                                                                            • Instruction ID: 68b326e8a435e217fc0cf6f0a056b1d1c5628972e7f1546a13acb720277e317b
                                                                                                                                                                            • Opcode Fuzzy Hash: 133470678ad095ca5070f767a572146cf3155c00327474607b19fa2117c1a0ec
                                                                                                                                                                            • Instruction Fuzzy Hash: 48F0683560421CBBCB11AFA4DC19BEDBFB9EF09711F004298F805A61A0DB715FD0CA90
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 269201875-0
                                                                                                                                                                            • Opcode ID: c052da896f98d570ec422454859733d81b056c4466fab34d8310b5e20f99571f
                                                                                                                                                                            • Instruction ID: d3a7285b72a02c9c61dd2212c142013469288e61d6d6766d0d9c516e861d5931
                                                                                                                                                                            • Opcode Fuzzy Hash: c052da896f98d570ec422454859733d81b056c4466fab34d8310b5e20f99571f
                                                                                                                                                                            • Instruction Fuzzy Hash: 8641E27AA002049FDB14DFB8C881A6EB7F5EF8A714F154569E505EB281DB30AD01CB80
                                                                                                                                                                            APIs
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(BE732AEF,00000000,8B000053,0019D904,00000000,00000000,?,?,?,BE732AEF,00000001,0019D904,8B000053,00000001,?,?), ref: 001AA0CA
                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 001AA102
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 001AA153
                                                                                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 001AA165
                                                                                                                                                                            • __freea.LIBCMT ref: 001AA16E
                                                                                                                                                                              • Part of subcall function 001A8E23: HeapAlloc.KERNEL32(00000000,?,?,?,001A2AA0,?,?,?,?,?,00197DDD,?,?), ref: 001A8E55
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1857427562-0
                                                                                                                                                                            • Opcode ID: fcdc8163037cc452befcaf61a2592a1690821aae7024f01c1992dded9f0a6abb
                                                                                                                                                                            • Instruction ID: 179967b9a3eef4d84f0cc33bbe7e481f20e67baf600cf3440484e97297f6d547
                                                                                                                                                                            • Opcode Fuzzy Hash: fcdc8163037cc452befcaf61a2592a1690821aae7024f01c1992dded9f0a6abb
                                                                                                                                                                            • Instruction Fuzzy Hash: 2631DE76A0020AABDF259F64CC45DAF7BA5EF42710F440229FC14D6290EB35CD94CBA1
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,001A5183,001A8E66,?,?,001A2AA0,?,?,?,?,?,00197DDD,?,?), ref: 001A8B2E
                                                                                                                                                                            • _free.LIBCMT ref: 001A8B63
                                                                                                                                                                            • _free.LIBCMT ref: 001A8B8A
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?), ref: 001A8B97
                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?), ref: 001A8BA0
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                             • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                             • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$_free
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3170660625-0
                                                                                                                                                                            • Opcode ID: 3165c7311e21a9bb820984127a1609468a284a5b838ef5b59330932eadd952f0
                                                                                                                                                                            • Instruction ID: 4dc891a7a6786497135039c6e6c3f3f085c161e7a4c27b624bd97532af7a0777
                                                                                                                                                                            • Opcode Fuzzy Hash: 3165c7311e21a9bb820984127a1609468a284a5b838ef5b59330932eadd952f0
                                                                                                                                                                            • Instruction Fuzzy Hash: 5301F4BE2407006BD2123678AC85E2B2669EFE37757210125F516E2292EF7089115130
                                                                                                                                                                            APIs
                                                                                                                                                                            • _free.LIBCMT ref: 001AB974
                                                                                                                                                                              • Part of subcall function 001A8DE9: HeapFree.KERNEL32(00000000,00000000,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?), ref: 001A8DFF
                                                                                                                                                                              • Part of subcall function 001A8DE9: GetLastError.KERNEL32(?,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?,?), ref: 001A8E11
                                                                                                                                                                            • _free.LIBCMT ref: 001AB986
                                                                                                                                                                            • _free.LIBCMT ref: 001AB998
                                                                                                                                                                            • _free.LIBCMT ref: 001AB9AA
                                                                                                                                                                            • _free.LIBCMT ref: 001AB9BC
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                            • Opcode ID: 21e217f6c7afa31d3fafa089ed46832532bde259540f3275c76b7f857fb658d3
                                                                                                                                                                            • Instruction ID: 4b5a25f6f4b1441edf93e84bb284ac73b210163d54cb4dfd7d3945477cb9f1ec
                                                                                                                                                                            • Opcode Fuzzy Hash: 21e217f6c7afa31d3fafa089ed46832532bde259540f3275c76b7f857fb658d3
                                                                                                                                                                            • Instruction Fuzzy Hash: 24F012BA519240BF8620EBA4F4C7C5773D9EB167147544905F149D7992CF34FCC04694
                                                                                                                                                                            APIs
                                                                                                                                                                            • _free.LIBCMT ref: 001A846E
                                                                                                                                                                              • Part of subcall function 001A8DE9: HeapFree.KERNEL32(00000000,00000000,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?), ref: 001A8DFF
                                                                                                                                                                              • Part of subcall function 001A8DE9: GetLastError.KERNEL32(?,?,001AB9F3,?,00000000,?,00000000,?,001ABA1A,?,00000007,?,?,001ABD3F,?,?), ref: 001A8E11
                                                                                                                                                                            • _free.LIBCMT ref: 001A8480
                                                                                                                                                                            • _free.LIBCMT ref: 001A8493
                                                                                                                                                                            • _free.LIBCMT ref: 001A84A4
                                                                                                                                                                            • _free.LIBCMT ref: 001A84B5
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 776569668-0
                                                                                                                                                                            • Opcode ID: 7aef6311ff4cba02e3cd70012b5ceb0a2fe63d03f386358a1696c0a9d95e26a6
                                                                                                                                                                            • Instruction ID: 4e412fa15e18f7e998264c795fadd5df6ef7ea98129640f39c32f941aa7d11e0
                                                                                                                                                                            • Opcode Fuzzy Hash: 7aef6311ff4cba02e3cd70012b5ceb0a2fe63d03f386358a1696c0a9d95e26a6
                                                                                                                                                                            • Instruction Fuzzy Hash: DBF05EBD805220EBEB11AF69FC815883BE5E72A720704075AF410D6AF0CF7589C28FD1
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe,00000104), ref: 001A7549
                                                                                                                                                                            • _free.LIBCMT ref: 001A7614
                                                                                                                                                                            • _free.LIBCMT ref: 001A761E
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _free$FileModuleName
                                                                                                                                                                            • String ID: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe
                                                                                                                                                                            • API String ID: 2506810119-113941937
                                                                                                                                                                            • Opcode ID: 562eefd2d28b4580490f494f6bb412d65be0c484937387a5ee22217a0f522d08
                                                                                                                                                                            • Instruction ID: 60f88d556ffe3721dcdc992c0c80f6d42148f26a7dab9d974a27e376ddc05ebe
                                                                                                                                                                            • Opcode Fuzzy Hash: 562eefd2d28b4580490f494f6bb412d65be0c484937387a5ee22217a0f522d08
                                                                                                                                                                            • Instruction Fuzzy Hash: 753163B9E08218AFDB21DF999D85D9EBBFCEB96310F144166E40497291D7708F40CBA0
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 00198004
                                                                                                                                                                            • GetLastError.KERNEL32(Unable to determine the operating system version!), ref: 0019804E
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0019806C
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to determine the operating system version!, xrefs: 00198049
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorException@8LastThrowVersion
                                                                                                                                                                            • String ID: Unable to determine the operating system version!
                                                                                                                                                                            • API String ID: 2663129220-661432720
                                                                                                                                                                            • Opcode ID: f1a3986dff8dbcc13456873d70fd119a1ffe61e9e68f58c210baf749eef22da3
                                                                                                                                                                            • Instruction ID: 7ef18c62df8c66cdffe8a257eb507a386319d431d97d4969e40b8d05673ebcd0
                                                                                                                                                                            • Opcode Fuzzy Hash: f1a3986dff8dbcc13456873d70fd119a1ffe61e9e68f58c210baf749eef22da3
                                                                                                                                                                            • Instruction Fuzzy Hash: 5701DB7091416C56CB19AB69DC655FD7BF8EF09301F4001DDF4A5E2182DB389B44DFA0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __alldvrm$_strrchr
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1036877536-0
                                                                                                                                                                            • Opcode ID: 59875573e72320a7118c1066d22839fbe5f18940918a11b40eb48330f722db00
                                                                                                                                                                            • Instruction ID: ae13128d25c75b8f63e9acf2a668aab12707309678a56a55dbf3669dafd5a640
                                                                                                                                                                            • Opcode Fuzzy Hash: 59875573e72320a7118c1066d22839fbe5f18940918a11b40eb48330f722db00
                                                                                                                                                                            • Instruction Fuzzy Hash: 54A15979D043869FDB26CF68C8927AEBBE1EF27350F14416EE4859B282D7348D81C750
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetDC.USER32(?), ref: 00191206
                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00191214
                                                                                                                                                                            • GetTextExtentPoint32W.GDI32(?,00000000,-00000002,?), ref: 0019128F
                                                                                                                                                                            • ReleaseDC.USER32(?,?), ref: 001912D5
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExtentObjectPoint32ReleaseSelectText
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4006923989-0
                                                                                                                                                                            • Opcode ID: 4fcd96865c4d782a92ecaf004d3b44420dde521508fba57c20954feee65bd358
                                                                                                                                                                            • Instruction ID: 64848cb7548a2361788e2e907f14e6ced8f0a43b6408aa0719cb111f6f93699a
                                                                                                                                                                            • Opcode Fuzzy Hash: 4fcd96865c4d782a92ecaf004d3b44420dde521508fba57c20954feee65bd358
                                                                                                                                                                            • Instruction Fuzzy Hash: F1310B75A40218ABCB509F649C45ADAB7F9FF49310F1481E9E949A3200DB74AF968FD0
                                                                                                                                                                            APIs
                                                                                                                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 001A32CC
                                                                                                                                                                              • Part of subcall function 001A3219: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 001A3248
                                                                                                                                                                              • Part of subcall function 001A3219: ___AdjustPointer.LIBCMT ref: 001A3263
                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 001A32E1
                                                                                                                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 001A32F2
                                                                                                                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 001A331A
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 737400349-0
                                                                                                                                                                            • Opcode ID: 4dbbf62a230ce864b2bb52b0cfdce793e84e64ee971ad292059bf22fa32e6a78
                                                                                                                                                                            • Instruction ID: acc5c6c0b4d65e519c62e2b6a6a8753f5628d2bdd281a080ec7517dc6a324dc1
                                                                                                                                                                            • Opcode Fuzzy Hash: 4dbbf62a230ce864b2bb52b0cfdce793e84e64ee971ad292059bf22fa32e6a78
                                                                                                                                                                            • Instruction Fuzzy Hash: 74014C36200108BBDF126E95CC46FEB7F69FFAA754F044105FE58A6121C736E961DBA0
                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,001AB17B,?,00000000,00000000,00000000,?,001AB378,00000006,FlsSetValue), ref: 001AB206
                                                                                                                                                                            • GetLastError.KERNEL32(?,001AB17B,?,00000000,00000000,00000000,?,001AB378,00000006,FlsSetValue,001B6E08,FlsSetValue,00000000,00000364,?,001A8B77), ref: 001AB212
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,001AB17B,?,00000000,00000000,00000000,?,001AB378,00000006,FlsSetValue,001B6E08,FlsSetValue,00000000), ref: 001AB220
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3177248105-0
                                                                                                                                                                            • Opcode ID: e30a94ee6b2278557fcbcb3dceef8d624635b21747aee7e0d36593ed1ec74061
                                                                                                                                                                            • Instruction ID: d78a083f221231e2000adcb4d00c7d7059002f3ef98facd6ad1b1d795f0e3386
                                                                                                                                                                            • Opcode Fuzzy Hash: e30a94ee6b2278557fcbcb3dceef8d624635b21747aee7e0d36593ed1ec74061
                                                                                                                                                                            • Instruction Fuzzy Hash: 61014C3A2162626BC7204A7CAC84B5A7798EF077A17110323F816D7542D730E840C6D0
                                                                                                                                                                            APIs
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(001BEA40,?,?,0019219F,001BE97C), ref: 001A0A8A
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(001BEA40,?,?,0019219F,001BE97C), ref: 001A0ABD
                                                                                                                                                                            • SetEvent.KERNEL32(00000000,0019219F,001BE97C), ref: 001A0B4B
                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 001A0B57
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalEventSection$EnterLeaveReset
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3553466030-0
                                                                                                                                                                            • Opcode ID: 769d4604c53a8bce080c9ef8ac87534ad270f5d8aaaf4b81dab36e8f50976793
                                                                                                                                                                            • Instruction ID: 36957aee77b9b616ca659bf15ae778556656eb622b6e3af321b9456afadb1cf9
                                                                                                                                                                            • Opcode Fuzzy Hash: 769d4604c53a8bce080c9ef8ac87534ad270f5d8aaaf4b81dab36e8f50976793
                                                                                                                                                                            • Instruction Fuzzy Hash: 00014B35B00224DFCB05AF68FD5CAD97BECFB4A3117014669F80297B21CB716A90CB94
                                                                                                                                                                            APIs
                                                                                                                                                                            • #17.COMCTL32 ref: 00193B84
                                                                                                                                                                            • LoadStringW.USER32(00190000,000003E9,?,00000000), ref: 00193BA1
                                                                                                                                                                            • LoadStringW.USER32(00190000,?,?,00000000), ref: 00193BBA
                                                                                                                                                                            • MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00193BCF
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: LoadString$Message
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2278601591-0
                                                                                                                                                                            • Opcode ID: d689718897f7e38ab3c82cb513fe3c5595eb0c37eba8bea8b235c2d620260325
                                                                                                                                                                            • Instruction ID: 677aa39e6f5ce18f9cb959c125d4a2f03588a2948471e60f0d4a5dd0e1cf8da3
                                                                                                                                                                            • Opcode Fuzzy Hash: d689718897f7e38ab3c82cb513fe3c5595eb0c37eba8bea8b235c2d620260325
                                                                                                                                                                            • Instruction Fuzzy Hash: 33F04F35A44208BFDB01AF94DC0ABDDBB78EF08701F004195FA14A62D0CBB06A94CB95
                                                                                                                                                                            APIs
                                                                                                                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00198C7A
                                                                                                                                                                              • Part of subcall function 0019FC70: GetProcessHeap.KERNEL32(00000000,?,?,?,?,00000000), ref: 0019FCB3
                                                                                                                                                                              • Part of subcall function 0019FC70: HeapFree.KERNEL32(00000000), ref: 0019FCBA
                                                                                                                                                                              • Part of subcall function 0019ED90: GetProcessHeap.KERNEL32(00000000,8B55CCCC,001982E6,?,00198A31,?,?,?), ref: 0019EDB7
                                                                                                                                                                              • Part of subcall function 0019ED90: HeapFree.KERNEL32(00000000,?,?), ref: 0019EDBE
                                                                                                                                                                              • Part of subcall function 0019FAC0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0019FC26
                                                                                                                                                                              • Part of subcall function 0019FAC0: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0019FC2D
                                                                                                                                                                              • Part of subcall function 0019FAC0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0019FC4D
                                                                                                                                                                              • Part of subcall function 0019FAC0: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0019FC54
                                                                                                                                                                              • Part of subcall function 0019E450: GetProcessHeap.KERNEL32(00000000,00000001), ref: 0019EC60
                                                                                                                                                                              • Part of subcall function 0019E450: HeapFree.KERNEL32(00000000), ref: 0019EC67
                                                                                                                                                                            Strings
                                                                                                                                                                            • Unable to read digest or signature!, xrefs: 00198C47
                                                                                                                                                                            • Unable to initialize DSA parameters!, xrefs: 00198C50
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Heap$FreeProcess$Exception@8Throw
                                                                                                                                                                            • String ID: Unable to initialize DSA parameters!$Unable to read digest or signature!
                                                                                                                                                                            • API String ID: 786774151-2226104879
                                                                                                                                                                            • Opcode ID: d878073c26251a36fed92febabe0266a4b0efbe488bf5ca1a33514593ebf5120
                                                                                                                                                                            • Instruction ID: abc3450e37dd33431128abb0996304df22196670f11e9c000eb6dde3f1a29e19
                                                                                                                                                                            • Opcode Fuzzy Hash: d878073c26251a36fed92febabe0266a4b0efbe488bf5ca1a33514593ebf5120
                                                                                                                                                                            • Instruction Fuzzy Hash: 73B1DCB2D0021CAADF50DAE4DD45BDEB3BCAB19304F0445A6E509E7152FB70EA89CB61
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 001A176C: GetLastError.KERNEL32 ref: 001A177E
                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0019100A), ref: 001A1713
                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0019100A), ref: 001A1722
                                                                                                                                                                            Strings
                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 001A171D
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                            • API String ID: 389471666-631824599
                                                                                                                                                                            • Opcode ID: c8d60cf881b9cbcda841d0b1e501285d22acb10bf7418fbc6e48be059b64cc69
                                                                                                                                                                            • Instruction ID: 9be4c503a2528f3e7fb2001fabfcb556979000be43b4c9ff527872ef5aa04d52
                                                                                                                                                                            • Opcode Fuzzy Hash: c8d60cf881b9cbcda841d0b1e501285d22acb10bf7418fbc6e48be059b64cc69
                                                                                                                                                                            • Instruction Fuzzy Hash: EAE092786007118FD360AFB5E5057827BE4BF15384F00891CE461C3B41DBB4E444CBA1
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0019FC26
                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0019FC2D
                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0019FC4D
                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0019FC54
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Heap$FreeProcess
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3859560861-0
                                                                                                                                                                            • Opcode ID: ea6aa22493440890981b7ae48ec9318c98ce5e4522a0287cb52e8e0b96c51a9b
                                                                                                                                                                            • Instruction ID: 3e50a5fbc7a976bf317e6fd5c378c892f5fbfd6439ddc1c6bca03af3d4e4cbfa
                                                                                                                                                                            • Opcode Fuzzy Hash: ea6aa22493440890981b7ae48ec9318c98ce5e4522a0287cb52e8e0b96c51a9b
                                                                                                                                                                            • Instruction Fuzzy Hash: 17515B71E00219AFCF10DFA4C985AEEBBB8EF19314F04416CE815AB351D775AE46CBA0
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000004,?,?,?,0019FCED,?,00000000,?,?,?,00000000), ref: 0019F814
                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,0019FCED,?,00000000,?,?,?,00000000), ref: 0019F81B
                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,0019FCED,?,00000000,?,?,?,00000000), ref: 0019F85A
                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0019F861
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 756756679-0
                                                                                                                                                                            • Opcode ID: ce71f4e7eba25f2b37ffabbf9944b91c9c87e1242c462b37ff9c2ae4f49da4a8
                                                                                                                                                                            • Instruction ID: 7a5fd0cc239f1db81941b46b89ad726ab087a389b0622dac5d0bcf36de712a97
                                                                                                                                                                            • Opcode Fuzzy Hash: ce71f4e7eba25f2b37ffabbf9944b91c9c87e1242c462b37ff9c2ae4f49da4a8
                                                                                                                                                                            • Instruction Fuzzy Hash: AB11CEB6600521BBD710AF68DC06B6AF768FF40364F048724F928DBA80C331E961CBD0
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,0019FCDE,?,?,?,?,?,00000000), ref: 0019F0A3
                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,0019FCDE,?,?,?,?,?,00000000), ref: 0019F0AA
                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,0019FCDE,?,?,?,?,?,00000000), ref: 0019F0E2
                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,00000000), ref: 0019F0E9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000000.00000002.3327713845.0000000000191000.00000020.00000001.01000000.00000003.sdmp, Offset: 00190000, based on PE: true
                                                                                                                                                                            • Associated: 00000000.00000002.3327584447.0000000000190000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3327958783.00000000001B3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328119801.00000000001BE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                            • Associated: 00000000.00000002.3328238474.00000000001C1000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_0_2_190000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Heap$Process$AllocFree
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 756756679-0
                                                                                                                                                                            • Opcode ID: a89de386c580d06de35d175f9d553f8bd0c34cc05ff4874f7979f849361a7546
                                                                                                                                                                            • Instruction ID: 9d1a9bdbdbc211d9b9bcaf973ce5248e278abad0bb1749bf92ab7e15fde521fb
                                                                                                                                                                            • Opcode Fuzzy Hash: a89de386c580d06de35d175f9d553f8bd0c34cc05ff4874f7979f849361a7546
                                                                                                                                                                            • Instruction Fuzzy Hash: 0801F571600201AFE710AF9DDC45A27B79DFF40320F04852EF52AC3661D731E840CB60

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:5.1%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                            Total number of Limit Nodes:66
11633->11636 11634->11635 11635->11629 11637 7ff7c79fbe97 memcpy_s 11636->11637 11824 7ff7c7ab89f0 11636->11824 11637->11612 11640 7ff7c79fc061 11639->11640 11641 7ff7c79fc037 11639->11641 11642 7ff7c79fc06f 11640->11642 11651 7ff7c7ad4fac std::_Facet_Register 2 API calls 11640->11651 11652 7ff7c7aa8a0a 11640->11652 11643 7ff7c79fc076 11641->11643 11644 7ff7c79fc040 11641->11644 11642->11608 11645 7ff7c79fc1e0 Concurrency::cancel_current_task 56 API calls 11643->11645 11829 7ff7c7aa89e0 11644->11829 11647 7ff7c79fc048 11645->11647 11648 7ff7c79fc050 11647->11648 11649 7ff7c7ab89f0 _invalid_parameter_noinfo_noreturn 52 API calls 11647->11649 11648->11608 11650 7ff7c79fc081 11649->11650 11651->11640 11653 7ff7c7aa8a15 11652->11653 11838 7ff7c7aa4cb4 11652->11838 11654 7ff7c79fc1e0 Concurrency::cancel_current_task 56 API calls 11653->11654 11656 7ff7c7aa8a1b 11654->11656 11658 7ff7c7aaba5f 11657->11658 11659 7ff7c7aabaaa RaiseException 11658->11659 11660 7ff7c7aaba88 RtlPcToFileHeader 11658->11660 11659->11617 11661 7ff7c7aabaa0 11660->11661 11661->11659 11672 7ff7c7aa4d18 11662->11672 11677 7ff7c7aa4b88 11672->11677 11675 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 11676 7ff7c7aa4d3a 11675->11676 11680 7ff7c7aaab30 11677->11680 11681 7ff7c7aa4bbc 11680->11681 11683 7ff7c7aaab51 11680->11683 11681->11675 11682 7ff7c7aaab86 11695 7ff7c7ab8a80 11682->11695 11683->11681 11683->11682 11686 7ff7c7accd04 11683->11686 11687 7ff7c7accd11 11686->11687 11688 7ff7c7accd1b 11686->11688 11687->11688 11690 7ff7c7accd36 11687->11690 11702 7ff7c7aba67c 11688->11702 11692 7ff7c7accd2e 11690->11692 11693 7ff7c7aba67c memcpy_s 11 API calls 11690->11693 11692->11682 11694 7ff7c7accd22 11693->11694 11705 7ff7c7ab89d0 11694->11705 11696 7ff7c7ad6874 11695->11696 11697 7ff7c7ad68aa 11696->11697 11698 7ff7c7ad6879 RtlFreeHeap 11696->11698 11697->11681 11698->11697 11699 7ff7c7ad6894 GetLastError 11698->11699 11700 7ff7c7ad68a1 __free_lconv_num 11699->11700 11701 7ff7c7aba67c 
memcpy_s 11 API calls 11700->11701 11701->11697 11708 7ff7c7ad6628 GetLastError 11702->11708 11704 7ff7c7aba685 11704->11694 11758 7ff7c7ab8864 11705->11758 11709 7ff7c7ad6669 FlsSetValue 11708->11709 11713 7ff7c7ad664c 11708->11713 11710 7ff7c7ad667b 11709->11710 11714 7ff7c7ad6659 11709->11714 11725 7ff7c7ad6a40 11710->11725 11711 7ff7c7ad66d5 SetLastError 11711->11704 11713->11709 11713->11714 11714->11711 11716 7ff7c7ad66a8 FlsSetValue 11719 7ff7c7ad66b4 FlsSetValue 11716->11719 11720 7ff7c7ad66c6 11716->11720 11717 7ff7c7ad6698 FlsSetValue 11718 7ff7c7ad66a1 11717->11718 11732 7ff7c7ad6874 11718->11732 11719->11718 11738 7ff7c7ad625c 11720->11738 11724 7ff7c7ad6874 __free_lconv_num 5 API calls 11724->11711 11731 7ff7c7ad6a51 memcpy_s 11725->11731 11726 7ff7c7ad6aa2 11728 7ff7c7aba67c memcpy_s 10 API calls 11726->11728 11727 7ff7c7ad6a86 HeapAlloc 11729 7ff7c7ad668a 11727->11729 11727->11731 11728->11729 11729->11716 11729->11717 11731->11726 11731->11727 11743 7ff7c7ad4fac 11731->11743 11733 7ff7c7ad68aa 11732->11733 11734 7ff7c7ad6879 RtlFreeHeap 11732->11734 11733->11714 11734->11733 11735 7ff7c7ad6894 GetLastError 11734->11735 11736 7ff7c7ad68a1 __free_lconv_num 11735->11736 11737 7ff7c7aba67c memcpy_s 9 API calls 11736->11737 11737->11733 11746 7ff7c7ad6134 11738->11746 11744 7ff7c7ad4fe8 std::_Facet_Register EnterCriticalSection LeaveCriticalSection 11743->11744 11745 7ff7c7ad4fba 11744->11745 11745->11731 11747 7ff7c7ad3748 std::_Locinfo::_Locinfo_ctor EnterCriticalSection 11746->11747 11748 7ff7c7ad6150 11747->11748 11749 7ff7c7ad37a8 std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 11748->11749 11750 7ff7c7ad6168 11749->11750 11751 7ff7c7ad61b4 11750->11751 11752 7ff7c7ad3748 std::_Locinfo::_Locinfo_ctor EnterCriticalSection 11751->11752 11753 7ff7c7ad61d0 11752->11753 11754 7ff7c7ad6448 memcpy_s 11 API calls 11753->11754 11755 7ff7c7ad61e6 11754->11755 11756 7ff7c7ad37a8 std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 11755->11756 11757 
7ff7c7ad61ee 11756->11757 11757->11724 11759 7ff7c7ab888f 11758->11759 11766 7ff7c7ab8900 11759->11766 11762 7ff7c7ab88d9 11763 7ff7c7ab88ee 11762->11763 11765 7ff7c7ab85e0 ProcessCodePage 52 API calls 11762->11765 11763->11692 11765->11763 11785 7ff7c7ab8648 11766->11785 11769 7ff7c7ab88b6 11769->11762 11776 7ff7c7ab85e0 11769->11776 11777 7ff7c7ab8633 11776->11777 11778 7ff7c7ab85f3 GetLastError 11776->11778 11777->11762 11779 7ff7c7ab8603 11778->11779 11798 7ff7c7ad66f0 11779->11798 11782 7ff7c7ab8641 11815 7ff7c7ac9d88 11782->11815 11784 7ff7c7ab8646 11786 7ff7c7ab869f 11785->11786 11787 7ff7c7ab8664 GetLastError 11785->11787 11786->11769 11791 7ff7c7ab86b4 11786->11791 11788 7ff7c7ab8674 11787->11788 11789 7ff7c7ad66f0 ProcessCodePage 16 API calls 11788->11789 11790 7ff7c7ab868f SetLastError 11789->11790 11790->11786 11792 7ff7c7ab86d0 GetLastError SetLastError 11791->11792 11793 7ff7c7ab86e8 11791->11793 11792->11793 11793->11769 11794 7ff7c7ab8a20 IsProcessorFeaturePresent 11793->11794 11795 7ff7c7ab8a33 11794->11795 11796 7ff7c7ab8700 _invalid_parameter_noinfo_noreturn 14 API calls 11795->11796 11797 7ff7c7ab8a4e GetCurrentProcess TerminateProcess 11796->11797 11799 7ff7c7ad670f FlsGetValue 11798->11799 11800 7ff7c7ad672a FlsSetValue 11798->11800 11801 7ff7c7ad6724 11799->11801 11803 7ff7c7ab861e SetLastError 11799->11803 11802 7ff7c7ad6737 11800->11802 11800->11803 11801->11800 11804 7ff7c7ad6a40 memcpy_s 11 API calls 11802->11804 11803->11777 11803->11782 11805 7ff7c7ad6746 11804->11805 11806 7ff7c7ad6764 FlsSetValue 11805->11806 11807 7ff7c7ad6754 FlsSetValue 11805->11807 11808 7ff7c7ad6770 FlsSetValue 11806->11808 11809 7ff7c7ad6782 11806->11809 11810 7ff7c7ad675d 11807->11810 11808->11810 11811 7ff7c7ad625c memcpy_s 11 API calls 11809->11811 11812 7ff7c7ad6874 __free_lconv_num 11 API calls 11810->11812 11813 7ff7c7ad678a 11811->11813 11812->11803 11814 7ff7c7ad6874 __free_lconv_num 11 API calls 11813->11814 11814->11803 11816 7ff7c7adb2ec 
std::locale::_Setgloballocale EnterCriticalSection LeaveCriticalSection 11815->11816 11817 7ff7c7ac9d91 11816->11817 11818 7ff7c7ac9da0 11817->11818 11819 7ff7c7adb33c std::locale::_Setgloballocale 51 API calls 11817->11819 11820 7ff7c7ac9da9 IsProcessorFeaturePresent 11818->11820 11823 7ff7c7ac9dd3 std::locale::_Setgloballocale 11818->11823 11819->11818 11821 7ff7c7ac9db8 11820->11821 11822 7ff7c7ab8700 _invalid_parameter_noinfo_noreturn 14 API calls 11821->11822 11822->11823 11823->11784 11825 7ff7c7ab8864 _invalid_parameter_noinfo 52 API calls 11824->11825 11826 7ff7c7ab8a09 11825->11826 11827 7ff7c7ab8a20 _invalid_parameter_noinfo_noreturn 17 API calls 11826->11827 11828 7ff7c7ab8a1e 11827->11828 11831 7ff7c7aa89eb 11829->11831 11830 7ff7c7aa8a04 11830->11647 11831->11830 11832 7ff7c7ad4fac std::_Facet_Register 2 API calls 11831->11832 11833 7ff7c7aa8a0a 11831->11833 11832->11831 11834 7ff7c7aa8a15 11833->11834 11836 7ff7c7aa4cb4 Concurrency::cancel_current_task 56 API calls 11833->11836 11835 7ff7c79fc1e0 Concurrency::cancel_current_task 56 API calls 11834->11835 11837 7ff7c7aa8a1b 11835->11837 11836->11834 11839 7ff7c7aa4cc2 Concurrency::cancel_current_task 11838->11839 11840 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 11839->11840 11841 7ff7c7aa4cd3 Concurrency::cancel_current_task 11840->11841 11842 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 11841->11842 11843 7ff7c7aa4cf3 11842->11843 11848 7ff7c7a162b0 11843->11848 11846 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 11847 7ff7c7aa4d16 11846->11847 11851 7ff7c7a162f0 11848->11851 11852 7ff7c7aaab30 __std_exception_copy 54 API calls 11851->11852 11853 7ff7c7a16340 11852->11853 11856 7ff7c7aa8970 11853->11856 11857 7ff7c7aa8979 11856->11857 11858 7ff7c7a162d1 11857->11858 11859 7ff7c7aa90d0 IsProcessorFeaturePresent 11857->11859 11858->11846 11860 7ff7c7aa90e8 11859->11860 11865 7ff7c7aa92d0 RtlCaptureContext 11860->11865 11866 7ff7c7aa92ea RtlLookupFunctionEntry 
11865->11866 11867 7ff7c7aa9300 RtlVirtualUnwind 11866->11867 11868 7ff7c7aa90fb 11866->11868 11867->11866 11867->11868 11869 7ff7c7aa9090 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 11868->11869 13729 7ff7c7a25900 13730 7ff7c7a2592b 13729->13730 13733 7ff7c7ac8b04 13730->13733 13734 7ff7c7ac8b3d 13733->13734 13737 7ff7c7ac8b80 13734->13737 13743 7ff7c7ac3ef0 13734->13743 13735 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13739 7ff7c7ac8bbf 13735->13739 13737->13735 13737->13739 13738 7ff7c7ac8be5 13741 7ff7c7a2594c 13738->13741 13742 7ff7c7ab85e0 ProcessCodePage 52 API calls 13738->13742 13739->13738 13740 7ff7c7ab85e0 ProcessCodePage 52 API calls 13739->13740 13740->13738 13742->13741 13744 7ff7c7ac3f5f 13743->13744 13745 7ff7c7ac3f33 13743->13745 13744->13745 13746 7ff7c7ac3f69 13744->13746 13747 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13745->13747 13754 7ff7c7ac6794 13746->13754 13748 7ff7c7ac3f57 13747->13748 13750 7ff7c7aa8970 Concurrency::cancel_current_task 8 API calls 13748->13750 13751 7ff7c7ac4078 13750->13751 13751->13737 13752 7ff7c7ad6874 __free_lconv_num 11 API calls 13752->13748 13755 7ff7c7ac67d2 13754->13755 13760 7ff7c7ac67c2 13754->13760 13756 7ff7c7ac67d8 13755->13756 13763 7ff7c7ac6808 13755->13763 13759 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13756->13759 13757 7ff7c7ac4007 13757->13752 13758 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13758->13757 13759->13757 13760->13758 13763->13757 13763->13760 13765 7ff7c7ac7430 13763->13765 13796 7ff7c7ac6eb8 13763->13796 13831 7ff7c7ac5ff0 13763->13831 13766 7ff7c7ac74e6 13765->13766 13767 7ff7c7ac7474 13765->13767 13769 7ff7c7ac7564 13766->13769 13770 7ff7c7ac74ec 13766->13770 13768 7ff7c7ac7557 13767->13768 13780 7ff7c7ac747a 13767->13780 13862 7ff7c7ac5200 13768->13862 13869 7ff7c7ac7bcc 13769->13869 13770->13768 13772 7ff7c7ac7550 13770->13772 13773 7ff7c7ac74f8 13770->13773 13858 7ff7c7ac7fb4 13772->13858 13777 
7ff7c7ac7530 13773->13777 13778 7ff7c7ac74fe 13773->13778 13775 7ff7c7ac74b9 13794 7ff7c7ac756f 13775->13794 13834 7ff7c7ac7ef0 13775->13834 13851 7ff7c7ac4e2c 13777->13851 13782 7ff7c7ac7519 13778->13782 13783 7ff7c7ac750a 13778->13783 13787 7ff7c7ac74d9 13778->13787 13780->13769 13780->13775 13781 7ff7c7ac74a4 13780->13781 13780->13782 13780->13794 13786 7ff7c7ac74a9 13781->13786 13781->13787 13847 7ff7c7ac8100 13782->13847 13783->13768 13783->13787 13784 7ff7c7aa8970 Concurrency::cancel_current_task 8 API calls 13789 7ff7c7ac786e 13784->13789 13786->13769 13786->13775 13791 7ff7c7ac74ca 13786->13791 13787->13794 13840 7ff7c7ac55d4 13787->13840 13789->13763 13791->13794 13795 7ff7c7ac7755 13791->13795 13879 7ff7c7aba080 13791->13879 13794->13784 13795->13794 13886 7ff7c7ad7864 13795->13886 13797 7ff7c7ac6ec6 13796->13797 13798 7ff7c7ac6edc 13796->13798 13799 7ff7c7ac74e6 13797->13799 13800 7ff7c7ac7474 13797->13800 13805 7ff7c7ac6f1c 13797->13805 13801 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13798->13801 13798->13805 13803 7ff7c7ac7564 13799->13803 13804 7ff7c7ac74ec 13799->13804 13802 7ff7c7ac7557 13800->13802 13815 7ff7c7ac747a 13800->13815 13801->13805 13809 7ff7c7ac5200 53 API calls 13802->13809 13806 7ff7c7ac7bcc 54 API calls 13803->13806 13804->13802 13807 7ff7c7ac7550 13804->13807 13808 7ff7c7ac74f8 13804->13808 13805->13763 13826 7ff7c7ac74ca 13806->13826 13811 7ff7c7ac7fb4 52 API calls 13807->13811 13812 7ff7c7ac7530 13808->13812 13813 7ff7c7ac74fe 13808->13813 13809->13826 13810 7ff7c7ac74b9 13814 7ff7c7ac7ef0 53 API calls 13810->13814 13829 7ff7c7ac756f 13810->13829 13811->13826 13820 7ff7c7ac4e2c 53 API calls 13812->13820 13817 7ff7c7ac7519 13813->13817 13818 7ff7c7ac750a 13813->13818 13822 7ff7c7ac74d9 13813->13822 13814->13826 13815->13803 13815->13810 13816 7ff7c7ac74a4 13815->13816 13815->13817 13815->13829 13821 7ff7c7ac74a9 13816->13821 13816->13822 13823 7ff7c7ac8100 52 API calls 13817->13823 13818->13802 13818->13822 13819 
7ff7c7aa8970 Concurrency::cancel_current_task 8 API calls 13824 7ff7c7ac786e 13819->13824 13820->13826 13821->13803 13821->13810 13821->13826 13825 7ff7c7ac55d4 53 API calls 13822->13825 13822->13829 13823->13826 13824->13763 13825->13826 13827 7ff7c7aba080 ProcessCodePage 52 API calls 13826->13827 13826->13829 13830 7ff7c7ac7755 13826->13830 13827->13830 13828 7ff7c7ad7864 53 API calls 13828->13830 13829->13819 13830->13828 13830->13829 14109 7ff7c7ac44ec 13831->14109 13837 7ff7c7ac7f23 13834->13837 13835 7ff7c7ac7f68 13835->13791 13836 7ff7c7ac7f41 13839 7ff7c7ad7864 53 API calls 13836->13839 13837->13835 13837->13836 13838 7ff7c7aba080 ProcessCodePage 52 API calls 13837->13838 13838->13836 13839->13835 13841 7ff7c7ac55fa 13840->13841 13842 7ff7c7ac5624 13841->13842 13844 7ff7c7ac56db 13841->13844 13846 7ff7c7ac5660 13842->13846 13898 7ff7c7ac4150 13842->13898 13845 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13844->13845 13845->13846 13846->13791 13848 7ff7c7ac8141 13847->13848 13850 7ff7c7ac8145 __crtLCMapStringW 13848->13850 13913 7ff7c7ac8198 13848->13913 13850->13791 13852 7ff7c7ac4e52 13851->13852 13853 7ff7c7ac4e7c 13852->13853 13855 7ff7c7ac4f33 13852->13855 13854 7ff7c7ac4150 12 API calls 13853->13854 13857 7ff7c7ac4eb8 13853->13857 13854->13857 13856 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13855->13856 13856->13857 13857->13791 13859 7ff7c7ac7fd3 13858->13859 13860 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13859->13860 13861 7ff7c7ac8004 13859->13861 13860->13861 13861->13791 13863 7ff7c7ac5226 13862->13863 13864 7ff7c7ac5250 13863->13864 13866 7ff7c7ac5307 13863->13866 13865 7ff7c7ac4150 12 API calls 13864->13865 13868 7ff7c7ac528c 13864->13868 13865->13868 13867 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13866->13867 13867->13868 13868->13791 13870 7ff7c7ac7bf2 13869->13870 13917 7ff7c7ac40a8 13870->13917 13875 7ff7c7aba080 ProcessCodePage 52 API calls 13877 7ff7c7ac7d30 13875->13877 13876 7ff7c7aba080 
ProcessCodePage 52 API calls 13878 7ff7c7ac7dbe 13876->13878 13877->13876 13877->13877 13877->13878 13878->13791 13880 7ff7c7ab85e0 ProcessCodePage 52 API calls 13879->13880 13881 7ff7c7aba097 13880->13881 14075 7ff7c7ad699c 13881->14075 13888 7ff7c7ad7895 13886->13888 13895 7ff7c7ad78a3 13886->13895 13887 7ff7c7ad78c3 13890 7ff7c7ad78d4 13887->13890 13891 7ff7c7ad78fb 13887->13891 13888->13887 13889 7ff7c7aba080 ProcessCodePage 52 API calls 13888->13889 13888->13895 13889->13887 14099 7ff7c7ae1288 13890->14099 13893 7ff7c7ad7925 13891->13893 13894 7ff7c7ad7986 13891->13894 13891->13895 13893->13895 14102 7ff7c7adde84 13893->14102 13896 7ff7c7adde84 std::_Locinfo::_Locinfo_ctor MultiByteToWideChar 13894->13896 13895->13795 13896->13895 13899 7ff7c7ac4176 13898->13899 13900 7ff7c7ac4187 13898->13900 13899->13846 13900->13899 13906 7ff7c7ad6814 13900->13906 13903 7ff7c7ac41cc 13904 7ff7c7ad6874 __free_lconv_num 11 API calls 13903->13904 13904->13899 13905 7ff7c7ad6874 __free_lconv_num 11 API calls 13905->13903 13907 7ff7c7ad685f 13906->13907 13911 7ff7c7ad6823 memcpy_s 13906->13911 13909 7ff7c7aba67c memcpy_s 11 API calls 13907->13909 13908 7ff7c7ad6846 HeapAlloc 13910 7ff7c7ac41b8 13908->13910 13908->13911 13909->13910 13910->13903 13910->13905 13911->13907 13911->13908 13912 7ff7c7ad4fac std::_Facet_Register 2 API calls 13911->13912 13912->13911 13914 7ff7c7ac81b6 13913->13914 13915 7ff7c7ac81be 13913->13915 13916 7ff7c7aba080 ProcessCodePage 52 API calls 13914->13916 13915->13850 13916->13915 13918 7ff7c7ac40ce 13917->13918 13919 7ff7c7ac40df 13917->13919 13925 7ff7c7ad93e0 13918->13925 13919->13918 13920 7ff7c7ad6814 std::_Locinfo::_Locinfo_ctor 12 API calls 13919->13920 13921 7ff7c7ac410c 13920->13921 13922 7ff7c7ac4120 13921->13922 13924 7ff7c7ad6874 __free_lconv_num 11 API calls 13921->13924 13923 7ff7c7ad6874 __free_lconv_num 11 API calls 13922->13923 13923->13918 13924->13922 13926 7ff7c7ad9430 13925->13926 13927 7ff7c7ad93fd 13925->13927 13926->13927 13929 
7ff7c7ad9462 13926->13929 13928 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13927->13928 13940 7ff7c7ac7d0e 13928->13940 13935 7ff7c7ad9575 13929->13935 13936 7ff7c7ad94aa 13929->13936 13930 7ff7c7ad9667 13971 7ff7c7ad88b0 13930->13971 13932 7ff7c7ad962d 13964 7ff7c7ad8c64 13932->13964 13934 7ff7c7ad95fc 13957 7ff7c7ad8f44 13934->13957 13935->13930 13935->13932 13935->13934 13937 7ff7c7ad95bf 13935->13937 13939 7ff7c7ad95b5 13935->13939 13936->13940 13943 7ff7c7accd04 __std_exception_copy 52 API calls 13936->13943 13947 7ff7c7ad9174 13937->13947 13939->13932 13942 7ff7c7ad95ba 13939->13942 13940->13875 13940->13877 13942->13934 13942->13937 13944 7ff7c7ad9562 13943->13944 13944->13940 13945 7ff7c7ab8a20 _invalid_parameter_noinfo_noreturn 17 API calls 13944->13945 13946 7ff7c7ad96c4 13945->13946 13980 7ff7c7ae1be8 13947->13980 13949 7ff7c7ad91c1 14019 7ff7c7ae1a64 13949->14019 13951 7ff7c7ad921c 13952 7ff7c7ad9271 13951->13952 13954 7ff7c7ad923c 13951->13954 13956 7ff7c7ad9220 13951->13956 14027 7ff7c7ad8d60 13952->14027 13954->13954 14023 7ff7c7ad901c 13954->14023 13956->13940 13958 7ff7c7ae1be8 53 API calls 13957->13958 13959 7ff7c7ad8f8e 13958->13959 13960 7ff7c7ae1a64 52 API calls 13959->13960 13961 7ff7c7ad8fde 13960->13961 13962 7ff7c7ad8fe2 13961->13962 13963 7ff7c7ad901c 52 API calls 13961->13963 13962->13940 13963->13962 13965 7ff7c7ae1be8 53 API calls 13964->13965 13966 7ff7c7ad8caf 13965->13966 13967 7ff7c7ae1a64 52 API calls 13966->13967 13968 7ff7c7ad8d07 13967->13968 13969 7ff7c7ad8d0b 13968->13969 13970 7ff7c7ad8d60 52 API calls 13968->13970 13969->13940 13970->13969 13972 7ff7c7ad88f5 13971->13972 13973 7ff7c7ad8928 13971->13973 13974 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 13972->13974 13975 7ff7c7ad8943 13973->13975 13977 7ff7c7ad89c7 13973->13977 13979 7ff7c7ad8921 memcpy_s 13974->13979 13976 7ff7c7ad8c64 53 API calls 13975->13976 13976->13979 13978 7ff7c7aba080 ProcessCodePage 52 API calls 13977->13978 13977->13979 
13978->13979 13979->13940 13981 7ff7c7ae1c3c fegetenv 13980->13981 14038 7ff7c7ae3c4c 13981->14038 13983 7ff7c7ae1cbf 13987 7ff7c7accd04 __std_exception_copy 52 API calls 13983->13987 13984 7ff7c7ae1d7f 14044 7ff7c7ae3d70 13984->14044 13986 7ff7c7ae1c90 13986->13984 13988 7ff7c7ae1d5c 13986->13988 13989 7ff7c7ae1cac 13986->13989 13990 7ff7c7ae1d3d 13987->13990 13992 7ff7c7accd04 __std_exception_copy 52 API calls 13988->13992 13989->13983 13989->13984 13991 7ff7c7ae2e12 13990->13991 13995 7ff7c7ae1d45 13990->13995 13993 7ff7c7ab8a20 _invalid_parameter_noinfo_noreturn 17 API calls 13991->13993 13992->13990 13994 7ff7c7ae2e27 13993->13994 13994->13949 13996 7ff7c7aa8970 Concurrency::cancel_current_task 8 API calls 13995->13996 13997 7ff7c7ae2e00 13996->13997 13997->13949 13998 7ff7c7ae2193 memcpy_s 13999 7ff7c7ae276d memcpy_s 14000 7ff7c7ae24d4 13999->14000 14003 7ff7c7ae247f 13999->14003 14013 7ff7c7aba67c 11 API calls memcpy_s 13999->14013 14018 7ff7c7ab89d0 52 API calls _invalid_parameter_noinfo 13999->14018 14062 7ff7c7ac1750 14000->14062 14003->14000 14003->14003 14053 7ff7c7ac3844 14003->14053 14004 7ff7c7ae1e2b memcpy_s 14004->13999 14012 7ff7c7ae2287 memcpy_s 14004->14012 14005 7ff7c7ae1dea memcpy_s 14005->13998 14005->14004 14007 7ff7c7aba67c memcpy_s 11 API calls 14005->14007 14008 7ff7c7ae2264 14007->14008 14009 7ff7c7ab89d0 _invalid_parameter_noinfo 52 API calls 14008->14009 14009->14004 14010 7ff7c7ac3844 memcpy_s 52 API calls 14017 7ff7c7ae2c42 14010->14017 14011 7ff7c7aba67c 11 API calls memcpy_s 14011->14012 14012->14003 14012->14011 14015 7ff7c7ab89d0 52 API calls _invalid_parameter_noinfo 14012->14015 14013->13999 14014 7ff7c7ac1750 52 API calls 14014->14017 14015->14012 14016 7ff7c7ac3844 memcpy_s 52 API calls 14016->14017 14017->13995 14017->14014 14017->14016 14018->13999 14020 7ff7c7ae1a8c 14019->14020 14021 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 14020->14021 14022 7ff7c7ae1aba memcpy_s 14020->14022 14021->14022 14022->13951 14024 
7ff7c7ad9048 memcpy_s 14023->14024 14025 7ff7c7aba080 ProcessCodePage 52 API calls 14024->14025 14026 7ff7c7ad9102 memcpy_s 14024->14026 14025->14026 14026->13956 14028 7ff7c7ad8d9b 14027->14028 14032 7ff7c7ad8de8 memcpy_s 14027->14032 14029 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 14028->14029 14030 7ff7c7ad8dc7 14029->14030 14030->13956 14031 7ff7c7ad8e53 14033 7ff7c7accd04 __std_exception_copy 52 API calls 14031->14033 14032->14031 14034 7ff7c7aba080 ProcessCodePage 52 API calls 14032->14034 14037 7ff7c7ad8e95 memcpy_s 14033->14037 14034->14031 14035 7ff7c7ab8a20 _invalid_parameter_noinfo_noreturn 17 API calls 14036 7ff7c7ad8f40 14035->14036 14037->14035 14039 7ff7c7ae3c69 14038->14039 14043 7ff7c7ae3c8a 14038->14043 14040 7ff7c7aba67c memcpy_s 11 API calls 14039->14040 14041 7ff7c7ae3c7e 14040->14041 14042 7ff7c7ab89d0 _invalid_parameter_noinfo 52 API calls 14041->14042 14042->14043 14043->13986 14045 7ff7c7ae4070 14044->14045 14050 7ff7c7ae3d87 14044->14050 14046 7ff7c7ae4020 14047 7ff7c7ae4016 14046->14047 14052 7ff7c7ae47e0 _log10_special 20 API calls 14046->14052 14047->14005 14048 7ff7c7ae4002 14072 7ff7c7ae47e0 14048->14072 14049 7ff7c7ae3def 14049->14005 14050->14046 14050->14048 14050->14049 14052->14047 14056 7ff7c7ac3861 memcpy_s 14053->14056 14057 7ff7c7ac3865 memcpy_s 14053->14057 14054 7ff7c7ac386a 14055 7ff7c7aba67c memcpy_s 11 API calls 14054->14055 14058 7ff7c7ac386f 14055->14058 14056->14000 14057->14054 14057->14056 14059 7ff7c7ac38a5 14057->14059 14060 7ff7c7ab89d0 _invalid_parameter_noinfo 52 API calls 14058->14060 14059->14056 14061 7ff7c7aba67c memcpy_s 11 API calls 14059->14061 14060->14056 14061->14058 14063 7ff7c7ac1778 14062->14063 14071 7ff7c7ac17bf 14062->14071 14064 7ff7c7ac17a0 14063->14064 14065 7ff7c7ac17c6 14063->14065 14063->14071 14068 7ff7c7ac3844 memcpy_s 52 API calls 14064->14068 14066 7ff7c7ac1801 14065->14066 14067 7ff7c7ac17cb 14065->14067 14070 7ff7c7ac3844 memcpy_s 52 API calls 14066->14070 14069 
7ff7c7ac3844 memcpy_s 52 API calls 14067->14069 14068->14071 14069->14071 14070->14071 14071->14010 14071->14017 14073 7ff7c7ae4800 _log10_special 20 API calls 14072->14073 14074 7ff7c7ae47fb 14073->14074 14074->14047 14076 7ff7c7ad69b5 14075->14076 14078 7ff7c7aba0bf 14075->14078 14076->14078 14083 7ff7c7ade214 14076->14083 14079 7ff7c7ad6a08 14078->14079 14080 7ff7c7aba0cf 14079->14080 14081 7ff7c7ad6a21 14079->14081 14080->13795 14081->14080 14096 7ff7c7adeb50 14081->14096 14084 7ff7c7ad64b0 TranslateName 52 API calls 14083->14084 14085 7ff7c7ade223 14084->14085 14086 7ff7c7ade26e 14085->14086 14095 7ff7c7ad3748 EnterCriticalSection 14085->14095 14086->14078 14097 7ff7c7ad64b0 TranslateName 52 API calls 14096->14097 14098 7ff7c7adeb59 14097->14098 14105 7ff7c7ae3940 14099->14105 14103 7ff7c7adde8c MultiByteToWideChar 14102->14103 14108 7ff7c7ae39a4 std::_Locinfo::_Locinfo_ctor 14105->14108 14106 7ff7c7aa8970 Concurrency::cancel_current_task 8 API calls 14107 7ff7c7ae12a5 14106->14107 14107->13895 14108->14106 14110 7ff7c7ac4521 14109->14110 14111 7ff7c7ac4533 14109->14111 14112 7ff7c7aba67c memcpy_s 11 API calls 14110->14112 14114 7ff7c7ac4541 14111->14114 14117 7ff7c7ac457d 14111->14117 14113 7ff7c7ac4526 14112->14113 14115 7ff7c7ab89d0 _invalid_parameter_noinfo 52 API calls 14113->14115 14116 7ff7c7ab8900 _invalid_parameter_noinfo 52 API calls 14114->14116 14123 7ff7c7ac4531 14115->14123 14116->14123 14118 7ff7c7ac48dd 14117->14118 14120 7ff7c7aba67c memcpy_s 11 API calls 14117->14120 14119 7ff7c7aba67c memcpy_s 11 API calls 14118->14119 14118->14123 14121 7ff7c7ac4b7d 14119->14121 14122 7ff7c7ac48d2 14120->14122 14124 7ff7c7ab89d0 _invalid_parameter_noinfo 52 API calls 14121->14124 14125 7ff7c7ab89d0 _invalid_parameter_noinfo 52 API calls 14122->14125 14123->13763 14124->14123 14125->14118 12417 7ff7c7a5b240 12418 7ff7c7a5b27b 12417->12418 12421 7ff7c7a5b291 12417->12421 12419 7ff7c7a5b2ac 12420 7ff7c7a5b3ab CompareStringW 12420->12421 12421->12419 
12421->12420 12422 7ff7c7a5b49d CompareStringW 12421->12422 12422->12419 12422->12421 12432 7ff7c7a59f20 12433 7ff7c7a59f4f 12432->12433 12434 7ff7c7a59f61 12433->12434 12438 7ff7c7a59faa 12433->12438 12441 7ff7c7a59e60 12433->12441 12449 7ff7c7a5b170 12438->12449 12439 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 12440 7ff7c7a59fe3 12439->12440 12442 7ff7c7aa4d3c 56 API calls 12441->12442 12443 7ff7c7a59e70 12442->12443 12444 7ff7c7a59eb5 12443->12444 12445 7ff7c7a5b170 120 API calls 12443->12445 12444->12438 12446 7ff7c7a59f0d 12445->12446 12447 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 12446->12447 12448 7ff7c7a59f1e 12447->12448 12456 7ff7c79ffaa0 12449->12456 12455 7ff7c7a59fd2 12455->12439 12458 7ff7c79ffb29 12456->12458 12487 7ff7c79fed00 12458->12487 12459 7ff7c79ffb8c memcpy_s 12498 7ff7c7a00820 12459->12498 12464 7ff7c7aa8970 Concurrency::cancel_current_task 8 API calls 12465 7ff7c79ffc60 12464->12465 12468 7ff7c7a99160 12465->12468 12467 7ff7c79ffc4d 12467->12464 13676 7ff7c79fc370 12468->13676 12470 7ff7c7a991a9 12471 7ff7c7aaab30 __std_exception_copy 54 API calls 12470->12471 12472 7ff7c7a991ed 12471->12472 12473 7ff7c7a99211 12472->12473 12475 7ff7c7aaabc0 __std_exception_destroy 13 API calls 12472->12475 12474 7ff7c7aaabc0 __std_exception_destroy 13 API calls 12473->12474 12476 7ff7c7a99223 12474->12476 12477 7ff7c7a99200 12475->12477 12478 7ff7c7a164b0 52 API calls 12476->12478 12479 7ff7c7aaab30 __std_exception_copy 54 API calls 12477->12479 12480 7ff7c7a9922d 12478->12480 12479->12473 12481 7ff7c7aa8970 Concurrency::cancel_current_task 8 API calls 12480->12481 12482 7ff7c7a5b216 12481->12482 12483 7ff7c79fbf20 12482->12483 12484 7ff7c79fbf39 12483->12484 12485 7ff7c79fbf62 12483->12485 12484->12483 12484->12485 12486 7ff7c7ab89f0 _invalid_parameter_noinfo_noreturn 52 API calls 12484->12486 12485->12455 12486->12484 12490 7ff7c79fed29 12487->12490 12494 7ff7c79fedfe memcpy_s 12487->12494 12488 7ff7c79fbfb0 
Concurrency::cancel_current_task 54 API calls 13677->13679 13678 7ff7c79fc498 13678->12470 13682 7ff7c79fc4ff 13679->13682 13680 7ff7c79fc4c6 13689 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 13680->13689 13681->13677 13681->13678 13681->13680 13683 7ff7c79fc418 WideCharToMultiByte 13681->13683 13686 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 13682->13686 13684 7ff7c79fc510 13683->13684 13685 7ff7c79fc44c 13683->13685 13688 7ff7c7a16360 54 API calls 13684->13688 13701 7ff7c79fd870 13685->13701 13686->13684 13691 7ff7c79fc522 13688->13691 13689->13677 13690 7ff7c79fc45a WideCharToMultiByte 13690->13678 13694 7ff7c79fc533 13690->13694 13693 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 13691->13693 13693->13694 13695 7ff7c7a16360 54 API calls 13694->13695 13696 7ff7c79fc545 13695->13696 13697 7ff7c7aaba40 Concurrency::cancel_current_task 2 API calls 13696->13697 13698 7ff7c79fc556 13697->13698 13699 7ff7c7aaab30 __std_exception_copy 54 API calls 13698->13699 13700 7ff7c79fc596 13699->13700 13700->12470 13702 7ff7c79fd8a0 13701->13702 13703 7ff7c79fd8b6 13701->13703 13702->13690 13706 7ff7c79fd8d0 memcpy_s 13703->13706 13707 7ff7c79feab0 13703->13707 13705 7ff7c79fd91c 13705->13690 13706->13690 13708 7ff7c79feaf2 13707->13708 13717 7ff7c79febf8 13707->13717 13710 7ff7c79fc020 Concurrency::cancel_current_task 56 API calls 13708->13710 13709 7ff7c79fbfb0 Concurrency::cancel_current_task 56 API calls 13711 7ff7c79febfe 13709->13711 13714 7ff7c79feb3e memcpy_s 13710->13714 13712 7ff7c79fec23 13711->13712 13713 7ff7c7a88550 76 API calls 13711->13713 13712->13705 13713->13712 13715 7ff7c79feba7 memcpy_s 13714->13715 13716 7ff7c7ab89f0 _invalid_parameter_noinfo_noreturn 52 API calls 13714->13716 13715->13705 13716->13717 13717->13709

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: ErrorLastNameTranslate$CodePageValidValue
• String ID: utf8
• API String ID: 1791977518-905460609
• Opcode ID: 305899aee862d9f2b1fe865ff4d5afaf9060b3f28d45c8a0c4e94113403ca691
• Instruction ID: ab75b40e2133bb2de4e89a1b95c7d19181e2ceaf9971bdc878beb8531f45df4a
• Opcode Fuzzy Hash: 305899aee862d9f2b1fe865ff4d5afaf9060b3f28d45c8a0c4e94113403ca691
• Instruction Fuzzy Hash: 2291A332A0874281EB24BF29D480ABEA394FF58BA4F848131DA6C57795DF3CE553C761

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: AddressFeatureHandleModulePresentProcProcessor
• String ID: LdrEnumerateLoadedModules$asw::main::impl::at_exit_action_node::action_failed_exception::action_failed_exception: atexit action throws exception!$ntdll
• API String ID: 431857297-521359223
• Opcode ID: 8cc7187c1e48b0e137204187c6205cac412951973900bf0cf519ddca150740fd
• Instruction ID: dd649455f248e954d9654b7663f0cf120346d9baec0478054f9c789f5c913308
• Opcode Fuzzy Hash: 8cc7187c1e48b0e137204187c6205cac412951973900bf0cf519ddca150740fd
• Instruction Fuzzy Hash: E8419321E0C78282EB14BF29D5416BDA3A0FF95364FC04235E68D47A92DF2CE556CB60

Control-flow Graph

APIs
• FreeLibrary.KERNEL32(?,?,00000000,00007FF7C7AD7618,?,?,?,?,00007FF7C7AD37CD,?,?,?,?,00007FF7C7AA5E5C), ref: 00007FF7C7AD6E5F
• GetProcAddressForCaller.KERNELBASE(?,?,00000000,00007FF7C7AD7618,?,?,?,?,00007FF7C7AD37CD,?,?,?,?,00007FF7C7AA5E5C), ref: 00007FF7C7AD6E6B
Strings
Memory Dump Source
• Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: AddressCallerFreeLibraryProc
• String ID: api-ms-$ext-ms-
• API String ID: 3520295827-537541572
• Opcode ID: 6ba786f08f78f7e28089f67b172f1858db9f796f0ca8cce6ba22e415334f518f
• Instruction ID: d7d09d80d6f94c46517671b1e3f44b3626798d4274a48b24959fbbea5eb4e455
• Opcode Fuzzy Hash: 6ba786f08f78f7e28089f67b172f1858db9f796f0ca8cce6ba22e415334f518f
• Instruction Fuzzy Hash: A2411471B19A4281FB16EF1AE850979A392BF18BF4F884135ED1D4B798DE3CE4078360

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID:
• String ID: Resource section is empty$StringFileInfo$There is no resource section in module$Unable to determine product identifier from resources!
• API String ID: 0-3023212541
• Opcode ID: 2d2e29025c06a646549f2caa510b9705cebe246cf46ef38af85dc0f69d13b2a3
• Instruction ID: d69707fbfff3e9a66730ded07b9f0c2ba7183752a3afed526463ff98b8ade86f
• Opcode Fuzzy Hash: 2d2e29025c06a646549f2caa510b9705cebe246cf46ef38af85dc0f69d13b2a3
• Instruction Fuzzy Hash: 43A1A872A04B9186DB509F18E4407ADB7A0FB41B74FA48325DABD43BE4EF38D49AC710

Control-flow Graph

APIs
  • Part of subcall function 00007FF7C79FCAB0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF7C79FDF25), ref: 00007FF7C79FCB10
  • Part of subcall function 00007FF7C79FCAB0: LeaveCriticalSection.KERNEL32 ref: 00007FF7C79FCB51
• WaitForSingleObject.KERNEL32 ref: 00007FF7C79FDFDD
• CloseHandle.KERNEL32 ref: 00007FF7C79FDFFF
• _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C79FE0E7
• _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C79FE13B
  • Part of subcall function 00007FF7C7A88550: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C79FE1E4), ref: 00007FF7C7A885A7
  • Part of subcall function 00007FF7C7A88550: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C79FE1E4), ref: 00007FF7C7A885C8
                                                                                                                                                                              • Part of subcall function 00007FF7C7A88550: LeaveCriticalSection.KERNEL32 ref: 00007FF7C7A885F2
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseHandle$CriticalLeaveSection_invalid_parameter_noinfo_noreturn$EventObjectSingleWait
                                                                                                                                                                            • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                            • API String ID: 3909378210-2706815617
                                                                                                                                                                            • Opcode ID: ddf7a2c954f341ad42ce7b6e91e2f816d2ffa70e65a5171170a2a96e94807c85
                                                                                                                                                                            • Instruction ID: 41c978934153241bc8639072a43fe6415ea567c7f02fc9f1d6f3b6ccda9da95d
                                                                                                                                                                            • Opcode Fuzzy Hash: ddf7a2c954f341ad42ce7b6e91e2f816d2ffa70e65a5171170a2a96e94807c85
                                                                                                                                                                            • Instruction Fuzzy Hash: 4E71B132B09B8289EB14EF25E4406ACB3B5FB447A8F904535EB4D07B99DF38E596C350

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF7C7A88480: InitializeCriticalSection.KERNEL32(?,?,?,?,?,00007FF7C7A88590), ref: 00007FF7C7A884C1
                                                                                                                                                                              • Part of subcall function 00007FF7C7A88480: DeleteCriticalSection.KERNEL32(?,?,?,?,?,00007FF7C7A88590), ref: 00007FF7C7A884DA
                                                                                                                                                                              • Part of subcall function 00007FF7C7A88480: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF7C7A88590), ref: 00007FF7C7A88537
                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C79FE1E4), ref: 00007FF7C7A885A7
                                                                                                                                                                            • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C79FE1E4), ref: 00007FF7C7A885C8
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7C7A885F2
                                                                                                                                                                            Strings
                                                                                                                                                                            • asw::lifetime::impl::lifetime_creation_monitor_holder::set_created, xrefs: 00007FF7C7A88616
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$CloseDeleteEnterEventHandleInitializeLeave
                                                                                                                                                                            • String ID: asw::lifetime::impl::lifetime_creation_monitor_holder::set_created
                                                                                                                                                                            • API String ID: 3040484998-3605786268
                                                                                                                                                                            • Opcode ID: 53f8d3dcd99a1138f11466b3ff8eb99b2b841bd9129ae30f5c6943f120eedb1b
                                                                                                                                                                            • Instruction ID: 6a84a1f376fe6f0cd43afb77f242a41bb248f541e3884a5e72f31756024dd897
                                                                                                                                                                            • Opcode Fuzzy Hash: 53f8d3dcd99a1138f11466b3ff8eb99b2b841bd9129ae30f5c6943f120eedb1b
                                                                                                                                                                            • Instruction Fuzzy Hash: 87219132A08A4682EB05EF29E85477DA3A0FF847A0F944131DA5D43675DF3CE497C750

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DefaultUser$LocaleName
                                                                                                                                                                            • String ID: GetUserDefaultLocaleName
                                                                                                                                                                            • API String ID: 1141742295-151340334
                                                                                                                                                                            • Opcode ID: 90c7cba616e7bb8189e2da5b995f22248e56dc030d954d7f01c1725267d5df62
                                                                                                                                                                            • Instruction ID: 8b4a1e09c3405e9648ea14c2ff80f3b4c67c6bff64a8c9d90670a3a1aeb43f4b
                                                                                                                                                                            • Opcode Fuzzy Hash: 90c7cba616e7bb8189e2da5b995f22248e56dc030d954d7f01c1725267d5df62
                                                                                                                                                                            • Instruction Fuzzy Hash: D8F0BE20B1828241EB08BFA9A584EB9A261AF4C7E0FC44036DD0E47A51EE2CD947C7A0

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                            • String ID: Avast
                                                                                                                                                                            • API String ID: 118556049-4153034659
                                                                                                                                                                            • Opcode ID: e1b6ff265150d9949a5d3366e82d3c178c94b81a2e35a55c35ac62e4709b5fa6
                                                                                                                                                                            • Instruction ID: 7923aade21dd362181f4697d2c724cf81f04961cf5101e0c6556a6c7ff8f1d38
                                                                                                                                                                            • Opcode Fuzzy Hash: e1b6ff265150d9949a5d3366e82d3c178c94b81a2e35a55c35ac62e4709b5fa6
                                                                                                                                                                            • Instruction Fuzzy Hash: 5D419D62B05B8591DB10AF26E4005ADB3A4F759BE4F984332DE7C87784DF38E5A2C340

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 73155330-0
                                                                                                                                                                            • Opcode ID: 2d02cc917097c48701abaf777390a39abcbe279cd205ad017384a088a1f8d185
                                                                                                                                                                            • Instruction ID: e4971c917c916b555151b1157859a3a4e33deb5e8c707d52bc11d512917380f2
                                                                                                                                                                            • Opcode Fuzzy Hash: 2d02cc917097c48701abaf777390a39abcbe279cd205ad017384a088a1f8d185
                                                                                                                                                                            • Instruction Fuzzy Hash: 6841BE62714B8295DA00EF26E5042ADA3A5FB45BF0F948632EF6D477D5DE38E052C350

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_destroy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2453523683-0
                                                                                                                                                                            • Opcode ID: d6ef4d953a2b881a370d9ed52f6ec6a1607e6d6ffbd72dcdd8d42952ae46fdd3
                                                                                                                                                                            • Instruction ID: 005c3c5da65d7f1be168300554a5a9ca02c7508850c046b2e3fa30861f74aace
                                                                                                                                                                            • Opcode Fuzzy Hash: d6ef4d953a2b881a370d9ed52f6ec6a1607e6d6ffbd72dcdd8d42952ae46fdd3
                                                                                                                                                                            • Instruction Fuzzy Hash: 09419036A08B4282EB50EF16E48066EF3A4FB49BE4F958136DA5D43760DF3DE842C750

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 73155330-0
                                                                                                                                                                            • Opcode ID: 0c7cb6519ebf39f42e6682189382c2f0f1c477887d2ffc8930f91371afa2e789
                                                                                                                                                                            • Instruction ID: a28a0341bb3abf1491bdb183254decd8b9bff47bed87dae332d29a560abc6a1f
                                                                                                                                                                            • Opcode Fuzzy Hash: 0c7cb6519ebf39f42e6682189382c2f0f1c477887d2ffc8930f91371afa2e789
                                                                                                                                                                            • Instruction Fuzzy Hash: CFF05822F1A60785EE1DBB66849663992A05F867B0ED48A30F66E027D1EE2CE4934710

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                            • Opcode ID: 6ae54405d3b7cdc9943cd09e05473c636e72e1f32f620f30e38d1b0e7814846d
                                                                                                                                                                            • Instruction ID: f8e4bdf65a378293a8cfcf40b7bfc7da2aff63520fce7fea15ef3857439a3cbf
                                                                                                                                                                            • Opcode Fuzzy Hash: 6ae54405d3b7cdc9943cd09e05473c636e72e1f32f620f30e38d1b0e7814846d
                                                                                                                                                                            • Instruction Fuzzy Hash: F0E0B610E0924749FB6D3A6F14568BC81800F197B0E995730E93E572C7ED1CB8934AB0

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                            • Opcode ID: 9bdf34576114e0bc6316843a7aad014734ecc5935aee5539168c6eb62d99f260
                                                                                                                                                                            • Instruction ID: ff984c9bff68d54fe15912c82c9b4644d8b5aa2b0459f3ec73c4d25ff8980106
                                                                                                                                                                            • Opcode Fuzzy Hash: 9bdf34576114e0bc6316843a7aad014734ecc5935aee5539168c6eb62d99f260
                                                                                                                                                                            • Instruction Fuzzy Hash: C8E012A0F2960382FF187FF6989597C91516F987B6FC44030CC0D87266FE2CA9874230

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseHandle_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3151167499-0
                                                                                                                                                                            • Opcode ID: e6b59c8067450cbc41d4dfd5e693182dc546499b7641e772565c1d5dc10528db
                                                                                                                                                                            • Instruction ID: 605b7c622fe69530ebe4aaa7e4b0a9d57dd41243268d40d0ef90b34aa53a78b6
                                                                                                                                                                            • Opcode Fuzzy Hash: e6b59c8067450cbc41d4dfd5e693182dc546499b7641e772565c1d5dc10528db
                                                                                                                                                                            • Instruction Fuzzy Hash: 13419F72A09B4682EB14AF25E451339F3A0FB44BA4F548036DB8C47BA9DF3CE492C750
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                            • Opcode ID: 6e9100d7867e202e02177d694ea6053ea67bc90ccc9de93b2b1814883f6b39d0
                                                                                                                                                                            • Instruction ID: 544830535d13ee90029094bfe33d21cc6de15dee4daaeb8bd582ca3a32eccd7d
                                                                                                                                                                            • Opcode Fuzzy Hash: 6e9100d7867e202e02177d694ea6053ea67bc90ccc9de93b2b1814883f6b39d0
                                                                                                                                                                            • Instruction Fuzzy Hash: 9C111472A04B069CEB11AFB4D4816EC37B8FB0836CF94052AEA4D13B59EF34D195C3A0
                                                                                                                                                                            APIs
                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,00000000,00007FF7C7AD668A,?,?,?,00007FF7C7ABA685,?,?,?,?,00007FF7C7AD68A8), ref: 00007FF7C7AD6A95
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                            • Opcode ID: b5b48ee645ee0d33b5194a45bed3594a6177e3e2be73c99d3a861549bf2c224b
                                                                                                                                                                            • Instruction ID: 49fe973c4829b6fc734b73e7e34a35409359d7cc05659aca89f00ff655bc3772
                                                                                                                                                                            • Opcode Fuzzy Hash: b5b48ee645ee0d33b5194a45bed3594a6177e3e2be73c99d3a861549bf2c224b
                                                                                                                                                                            • Instruction Fuzzy Hash: 86F06254B4920340FF58BE6A5591BBD93A15FA8BE0FCC9031CD4E472F2EE2CE5424130
                                                                                                                                                                            APIs
                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,?,00007FF7C7ADBEB5,?,?,00000000,00007FF7C7AD57CF,?,?,?,00007FF7C7AD514B,?,?,?,00007FF7C7AD5041), ref: 00007FF7C7AD6852
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            • Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                            • Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2591520935-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memcpy_s
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1502251526-3916222277
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                            • String ID: GetLocaleInfoEx
                                                                                                                                                                            • API String ID: 2299586839-2904428671
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF7C7AD64B0: GetLastError.KERNEL32 ref: 00007FF7C7AD64BF
                                                                                                                                                                              • Part of subcall function 00007FF7C7AD64B0: FlsGetValue.KERNEL32 ref: 00007FF7C7AD64D4
                                                                                                                                                                              • Part of subcall function 00007FF7C7AD64B0: SetLastError.KERNEL32 ref: 00007FF7C7AD655F
                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7C7AE0127,?,00000000,00000092,?,?,00000000,?,00007FF7C7ACE999), ref: 00007FF7C7ADF9D6
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3029459697-0
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF7C7AD64B0: GetLastError.KERNEL32 ref: 00007FF7C7AD64BF
                                                                                                                                                                              • Part of subcall function 00007FF7C7AD64B0: FlsGetValue.KERNEL32 ref: 00007FF7C7AD64D4
                                                                                                                                                                              • Part of subcall function 00007FF7C7AD64B0: SetLastError.KERNEL32 ref: 00007FF7C7AD655F
                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7C7AE00E3,?,00000000,00000092,?,?,00000000,?,00007FF7C7ACE999), ref: 00007FF7C7ADFA86
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3029459697-0
                                                                                                                                                                            APIs
                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF7C7AD710F,?,?,?,?,?,?,?,?,00000000,00007FF7C7ADEF78), ref: 00007FF7C7AD6CB3
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EnumLocalesSystem
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2099609381-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 570795689-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                            • String ID: bad locale name$false$true
                                                                                                                                                                            • API String ID: 4121308752-1062449267
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: Argument not found.$Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.$integral cannot be stored in char
                                                                                                                                                                            • API String ID: 3668304517-2649470553
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocale_invalid_parameter_noinfo_noreturnstd::locale::_
                                                                                                                                                                            • String ID: integral cannot be stored in wchar_t
                                                                                                                                                                            • API String ID: 1468110720-1689078516
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocale_invalid_parameter_noinfo_noreturnstd::locale::_
                                                                                                                                                                            • String ID: integral cannot be stored in char
                                                                                                                                                                            • API String ID: 1468110720-960316848
                                                                                                                                                                            • Opcode ID: 6ac6c6afd8063c424509a4c8cddf1b457c85a6048d794b78086499ce2a2a01e0
                                                                                                                                                                            • Instruction ID: 096ba6c51aee12af8e4a0c18a537c994356b9231183cd556a0dfb78123cef8f7
                                                                                                                                                                            • Opcode Fuzzy Hash: 6ac6c6afd8063c424509a4c8cddf1b457c85a6048d794b78086499ce2a2a01e0
                                                                                                                                                                            • Instruction Fuzzy Hash: 94F1F532A08B8185EB14EF79E4406BDB7A0FB84764F944536DA9E03B99DF3CE446CB14
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                            • String ID: 0$f$p$p
                                                                                                                                                                            • API String ID: 3215553584-1202675169
                                                                                                                                                                            • Opcode ID: 78f97fef39102b677912645197bd5e2216509ac6a4016ceb60a8f96d299a1b02
                                                                                                                                                                            • Instruction ID: b4ec80aa85b59e669ab5f796e3142880e54fcf5b04f373acdc5599fe414fdbf0
                                                                                                                                                                            • Opcode Fuzzy Hash: 78f97fef39102b677912645197bd5e2216509ac6a4016ceb60a8f96d299a1b02
                                                                                                                                                                            • Instruction Fuzzy Hash: 53127F32E0C143C6FB247E2D9054ABEBA62FB50764FC44135EE89476C4DE3DE5868B68
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                            • String ID: bad locale name$false$true
                                                                                                                                                                            • API String ID: 3230409043-1062449267
                                                                                                                                                                            • Opcode ID: 09b3eb4bdc9fb41e81616f19f5602ba6fc5a7ed3ebb754bad878b0ac6f1c3c99
                                                                                                                                                                            • Instruction ID: 55c4b12f6b12eda053598c22d1c6a81e1e20f5e251116786f652f4a8dd4c1398
                                                                                                                                                                            • Opcode Fuzzy Hash: 09b3eb4bdc9fb41e81616f19f5602ba6fc5a7ed3ebb754bad878b0ac6f1c3c99
                                                                                                                                                                            • Instruction Fuzzy Hash: E081C233A09B818AEB10EF34D4406EDB7A0FF84768F944535EA8D17A69DF38D192C790
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                            • String ID: f$p$p
                                                                                                                                                                            • API String ID: 3215553584-1995029353
                                                                                                                                                                            • Opcode ID: 013c691b77988598b62c3cee438838d68335fba0d33f977377c67adf28fcb93e
                                                                                                                                                                            • Instruction ID: 72d2d76a1eac26e2c9d28906288719c2213ddddee15ecce4bd2295a798278e44
                                                                                                                                                                            • Opcode Fuzzy Hash: 013c691b77988598b62c3cee438838d68335fba0d33f977377c67adf28fcb93e
                                                                                                                                                                            • Instruction Fuzzy Hash: 7E128571E1C18359FB607E1DA044ABDFA61EB50764FC44131E6AA477C4DE3EE4828729
                                                                                                                                                                            APIs
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7C7AB7496,?,?,?,00007FF7C7AB7150,?,?,?,00007FF7C7AABD79), ref: 00007FF7C7AB7269
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7C7AB7496,?,?,?,00007FF7C7AB7150,?,?,?,00007FF7C7AABD79), ref: 00007FF7C7AB7277
                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7C7AB7496,?,?,?,00007FF7C7AB7150,?,?,?,00007FF7C7AABD79), ref: 00007FF7C7AB72A1
                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF7C7AB7496,?,?,?,00007FF7C7AB7150,?,?,?,00007FF7C7AABD79), ref: 00007FF7C7AB730F
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF7C7AB7496,?,?,?,00007FF7C7AB7150,?,?,?,00007FF7C7AABD79), ref: 00007FF7C7AB731B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                            • Opcode ID: 759a73078d349aa163438fbaad4896693ce5bce1fbff1477315bafcbe18238c2
                                                                                                                                                                            • Instruction ID: c5888e797d96765f7eab9e6ba73cc0b964c22ba2709b43fa496ddfc735fd6393
                                                                                                                                                                            • Opcode Fuzzy Hash: 759a73078d349aa163438fbaad4896693ce5bce1fbff1477315bafcbe18238c2
                                                                                                                                                                            • Instruction Fuzzy Hash: EA31C632A1A75291EF16AF2A9800939A398FF54BB4F891536ED1D07784DF7CE446C320
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                            • Opcode ID: 5a1d6f36487dc3f1d8f8b64c865ea37def2cff5d3699b1a4c84dd68bbfe19c67
                                                                                                                                                                            • Instruction ID: 9630e6c05f8f32a56e14214cac7966db7581807c554f90661321c0291e1776b0
                                                                                                                                                                            • Opcode Fuzzy Hash: 5a1d6f36487dc3f1d8f8b64c865ea37def2cff5d3699b1a4c84dd68bbfe19c67
                                                                                                                                                                            • Instruction Fuzzy Hash: F0119331B18B4286E350AF16E84472AA3A0FB88FF9F904234EA5E87794DF7DD4568750
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_FeaturePresentProcessorRegister
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 377724206-0
                                                                                                                                                                            • Opcode ID: 084c5f5f26dd4781d6c42cf46b864011909582659bb4b42017e2ae03abf95dba
                                                                                                                                                                            • Instruction ID: 3cc35014ab73dc397666bb445da2a38264c3a337439dc262d88108ba7dc6e530
                                                                                                                                                                            • Opcode Fuzzy Hash: 084c5f5f26dd4781d6c42cf46b864011909582659bb4b42017e2ae03abf95dba
                                                                                                                                                                            • Instruction Fuzzy Hash: BF515D32A09A4681EF15AF2DE440ABDA361EB44BB4F984432DE4D473A5DF3CE443C7A0
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7C7ABA685,?,?,?,?,00007FF7C7AD68A8), ref: 00007FF7C7AD6637
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7C7ABA685,?,?,?,?,00007FF7C7AD68A8), ref: 00007FF7C7AD666D
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7C7ABA685,?,?,?,?,00007FF7C7AD68A8), ref: 00007FF7C7AD669A
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7C7ABA685,?,?,?,?,00007FF7C7AD68A8), ref: 00007FF7C7AD66AB
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7C7ABA685,?,?,?,?,00007FF7C7AD68A8), ref: 00007FF7C7AD66BC
                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF7C7ABA685,?,?,?,?,00007FF7C7AD68A8), ref: 00007FF7C7AD66D7
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                            • Opcode ID: 91852aa110674ac9c24f94b64ba0f2ff620002f532e74a300f46c95ec0a82375
                                                                                                                                                                            • Instruction ID: 7f7e29ad895bada58ace7334ed9445e771ad7f94086afdc2dd247a98f7a4db73
                                                                                                                                                                            • Opcode Fuzzy Hash: 91852aa110674ac9c24f94b64ba0f2ff620002f532e74a300f46c95ec0a82375
                                                                                                                                                                            • Instruction Fuzzy Hash: 16115E20F0825242FB1C7F7956D187DD2A25F647F0FD44734E92E476E6EE2CA8034621
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide$__std_exception_copy
                                                                                                                                                                            • String ID: to_narrow<wchar_t> invalid arguments$to_narrow<wchar_t>::WideCharToMultiByte
                                                                                                                                                                            • API String ID: 2551222438-1534530176
                                                                                                                                                                            • Opcode ID: a82ae380f2dbfdaf217b5ded9be730add4dd81de0ad525a4756445705a469dbf
                                                                                                                                                                            • Instruction ID: bd18e0b9ff4c1a852be34164ee679cf1d0424a1d38c357dc2698532fd4716111
                                                                                                                                                                            • Opcode Fuzzy Hash: a82ae380f2dbfdaf217b5ded9be730add4dd81de0ad525a4756445705a469dbf
                                                                                                                                                                            • Instruction Fuzzy Hash: 3451D732A18B4682EB10EF15E880A7DB7A4FB957E4F905131EB5D03A64EF3CD596C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                            • Opcode ID: ac91ad3d68199f0ec4fa3bd46b25ec0b79f8e5c2f106d6f4040be9a72637721b
                                                                                                                                                                            • Instruction ID: 98fd899959f6950b9e433a7a6fea25c2fb8b434f3d8d4dd2c4bb1026e3b50d9a
                                                                                                                                                                            • Opcode Fuzzy Hash: ac91ad3d68199f0ec4fa3bd46b25ec0b79f8e5c2f106d6f4040be9a72637721b
                                                                                                                                                                            • Instruction Fuzzy Hash: E611C122E18A4345FB543AADD4D1B7D91406F74370F840638FA7E076E6DE3CA9434126
                                                                                                                                                                            APIs
                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF7C7AB868F,?,?,00000000,00007FF7C7AB892A,?,?,?,?,?,00007FF7C7AB88B6), ref: 00007FF7C7AD670F
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7C7AB868F,?,?,00000000,00007FF7C7AB892A,?,?,?,?,?,00007FF7C7AB88B6), ref: 00007FF7C7AD672E
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7C7AB868F,?,?,00000000,00007FF7C7AB892A,?,?,?,?,?,00007FF7C7AB88B6), ref: 00007FF7C7AD6756
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7C7AB868F,?,?,00000000,00007FF7C7AB892A,?,?,?,?,?,00007FF7C7AB88B6), ref: 00007FF7C7AD6767
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF7C7AB868F,?,?,00000000,00007FF7C7AB892A,?,?,?,?,?,00007FF7C7AB88B6), ref: 00007FF7C7AD6778
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                            • Opcode ID: 4193c94dce9e61c02937071bec6ee9478587286d16481f869d12abfb897ff5e4
                                                                                                                                                                            • Instruction ID: 5ca3af870b3fe2addac513aa321b8e1b66af4e7156ba1ab8e2e443854e6ac818
                                                                                                                                                                            • Opcode Fuzzy Hash: 4193c94dce9e61c02937071bec6ee9478587286d16481f869d12abfb897ff5e4
                                                                                                                                                                            • Instruction Fuzzy Hash: 04113D20F0864681FB587F3999D197E92915F647F0ED84735E93D476E6EE2CF8034620
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7C7A9764F
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7C7A9765F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                            • String ID: onexit_register_connector_avast_2$onexit_register_connector_avast_2 export not found
                                                                                                                                                                            • API String ID: 1646373207-2937613418
                                                                                                                                                                            • Opcode ID: b6d3f747c1d79caa1cf08ccd8dc11830292a0e1d0a24979e8d9c85b85dd84ca0
                                                                                                                                                                            • Instruction ID: 2923ba77ae04e71d84629565f85dc37953f2dc5123383bd61df4907a80743966
                                                                                                                                                                            • Opcode Fuzzy Hash: b6d3f747c1d79caa1cf08ccd8dc11830292a0e1d0a24979e8d9c85b85dd84ca0
                                                                                                                                                                            • Instruction Fuzzy Hash: 28716032A15B4186E710DF25F880A6DB3A4FB84BA4F948136EB9E03760DF3CD496C750
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000002.00000002.3335568003.00007FF7C79F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF7C79F0000, based on PE: true
• Associated: 00000002.00000002.3335518132.00007FF7C79F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335767152.00007FF7C7B06000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335872909.00007FF7C7B6B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335928279.00007FF7C7B6E000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3335980363.00007FF7C7B70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.3336034622.00007FF7C7B76000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff7c79f0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                            • Opcode ID: 93d5df08eab0b4e75007fd6021b5e020f644125cff1667770baf25001e86f124
                                                                                                                                                                            • Instruction ID: c4e728e36b38c6098d5cf30df46836a8cc8370a52b5d37d277d0b79308998b26
                                                                                                                                                                            • Opcode Fuzzy Hash: 93d5df08eab0b4e75007fd6021b5e020f644125cff1667770baf25001e86f124
                                                                                                                                                                            • Instruction Fuzzy Hash: 52D1F232B08A8189E721DF79D4805ACB7B1FB547A8B548232DE4D97BD9DE38D507C710
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,?,00007FF7C7AD2F30), ref: 00007FF7C7AD30B3
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,?,00007FF7C7AD2F30), ref: 00007FF7C7AD313D
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                            • Opcode ID: 90ce15acb76d576162d926646335ef57c435521b4091eed73a8068e972952d3c
                                                                                                                                                                            • Instruction ID: 8fc8e49c690b36716aa0da092c36debfa94345e10391b8be00af49a81a098b8e
                                                                                                                                                                            • Opcode Fuzzy Hash: 90ce15acb76d576162d926646335ef57c435521b4091eed73a8068e972952d3c
                                                                                                                                                                            • Instruction Fuzzy Hash: 9891E372E1865285FB50EF6D94C0ABDABA0FB24BA8F844135EE0E57694DF38D447C720
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF7C7A88480: InitializeCriticalSection.KERNEL32(?,?,?,?,?,00007FF7C7A88590), ref: 00007FF7C7A884C1
                                                                                                                                                                              • Part of subcall function 00007FF7C7A88480: DeleteCriticalSection.KERNEL32(?,?,?,?,?,00007FF7C7A88590), ref: 00007FF7C7A884DA
                                                                                                                                                                              • Part of subcall function 00007FF7C7A88480: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF7C7A88590), ref: 00007FF7C7A88537
                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF7C79FDF25), ref: 00007FF7C79FCB10
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7C79FCB51
                                                                                                                                                                            • CreateEventW.KERNEL32(?,?,?,?,?,?,?,00007FF7C79FDF25), ref: 00007FF7C79FCB85
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7C79FCB9F
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$Leave$CloseCreateDeleteEnterEventHandleInitialize
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3435541109-0
                                                                                                                                                                            • Opcode ID: 52d02ba3da4d4dd7dc935723575673826c30cb8bf2993f6b1f6fe00d29a5b5dc
                                                                                                                                                                            • Instruction ID: ab1def4daaa2f656517d66469132ae03c26c7a1eb8a53b907d6da5043db83711
                                                                                                                                                                            • Opcode Fuzzy Hash: 52d02ba3da4d4dd7dc935723575673826c30cb8bf2993f6b1f6fe00d29a5b5dc
                                                                                                                                                                            • Instruction Fuzzy Hash: A331D532918B8282E751AF21E44076EF7A0FB897B5F889531EB8D07695DF3CE492C750
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide__std_exception_copy__std_exception_destroy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 215045438-0
                                                                                                                                                                            • Opcode ID: b6a57183cbcc3caf8dded64f9550250f60e0d7cc434e608ffe66a40ffba18141
                                                                                                                                                                            • Instruction ID: b2c6999f5d792e5a1e228e4b8cb04fcf675625d2f8659fc54bf36aa1981e850b
                                                                                                                                                                            • Opcode Fuzzy Hash: b6a57183cbcc3caf8dded64f9550250f60e0d7cc434e608ffe66a40ffba18141
                                                                                                                                                                            • Instruction Fuzzy Hash: CB214132618B8195EB50EF24F4507AEB3A4FB843A0F904235E79C476A5DF3CD986CB50
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2960854011-0
                                                                                                                                                                            • Opcode ID: 31af9900460e1b076c45b9c78827b63ef37313c884f2d91ad3ab3dae0954e304
                                                                                                                                                                            • Instruction ID: 316bfacb7dce188799b72dfeafe905c7136a8b963d01ebdfb7d8632125761783
                                                                                                                                                                            • Opcode Fuzzy Hash: 31af9900460e1b076c45b9c78827b63ef37313c884f2d91ad3ab3dae0954e304
                                                                                                                                                                            • Instruction Fuzzy Hash: DF11D632A28B8081EB00EF14E4804ADB7A4FF987A4F905135FA4D03655EF38D9C6CB60
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                            • Opcode ID: a79ee3274455eda1db0c18c26e31687a9c8a19ea449eb1b0d6fd8f6fbe0c9ae7
                                                                                                                                                                            • Instruction ID: e5aeb97769f147d4876d24a20a1ec288c8b343b72c361c304005e958cdd2f257
                                                                                                                                                                            • Opcode Fuzzy Hash: a79ee3274455eda1db0c18c26e31687a9c8a19ea449eb1b0d6fd8f6fbe0c9ae7
                                                                                                                                                                            • Instruction Fuzzy Hash: 1F115A32B14F068AEB00DF60E8442BD73A4FB19768F840E31EA2D827A4DF78D1998350
                                                                                                                                                                            APIs
                                                                                                                                                                            • __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF7C7A0ED3B
                                                                                                                                                                              • Part of subcall function 00007FF7C7AA6638: MultiByteToWideChar.KERNEL32 ref: 00007FF7C7AA6654
                                                                                                                                                                              • Part of subcall function 00007FF7C7AA6638: GetLastError.KERNEL32 ref: 00007FF7C7AA6662
                                                                                                                                                                            Strings
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharErrorLastMultiWide__std_fs_convert_narrow_to_wide
                                                                                                                                                                            • String ID: \u{$\x{
                                                                                                                                                                            • API String ID: 1033888727-3325273574
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InitInitializeOnce$BeginCompleteCriticalSection
                                                                                                                                                                            • String ID: Singleton already destroyed
                                                                                                                                                                            • API String ID: 1264858881-257684709
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileFindHeaderInstanceTargetType
                                                                                                                                                                            • String ID: Bad dynamic_cast!
                                                                                                                                                                            • API String ID: 746355257-2956939130
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                            • String ID: U
                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                            • API String ID: 1838369231-1405518554
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: string too long
                                                                                                                                                                            • API String ID: 73155330-2556327735
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 2573137834-1018135373

                                                                                                                                                                            Execution Graph

                                                                                                                                                                            Execution Coverage:8.3%
                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                            Signature Coverage:2.2%
                                                                                                                                                                            Total number of Nodes:178
                                                                                                                                                                            Total number of Limit Nodes:16
                                                                                                                                                                            APIs
                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF62E31A5A3), ref: 00007FF62E318C80
                                                                                                                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF62E31A5A3), ref: 00007FF62E31917C
                                                                                                                                                                            • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF62E31A5A3), ref: 00007FF62E3193F7
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DiskFreeGlobalMemorySpaceStatusSystemTimes
                                                                                                                                                                            • String ID: @
                                                                                                                                                                            • API String ID: 3933043144-2766056989
                                                                                                                                                                            • Opcode ID: babe25723c22639c6c0d9c80d811297ffacdbb1342181ff3a3519c3ce74aa173
                                                                                                                                                                            • Instruction ID: 6bf1cce02e8337a6f5cd0e5601019e06c9e85a8775238e34d3dcb5813c3359d6
                                                                                                                                                                            • Opcode Fuzzy Hash: babe25723c22639c6c0d9c80d811297ffacdbb1342181ff3a3519c3ce74aa173
                                                                                                                                                                            • Instruction Fuzzy Hash: 59132EB26186828BDB548F2CD89026E77B0F7A6745F54013EF389CB689EB3DD945CB00

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InformationProcessQuery
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1778838933-0
                                                                                                                                                                            • Opcode ID: 63e9ed928882ac805af18f6f88a2aefad8e613f9aabaae07ded537a0462b832d
                                                                                                                                                                            • Instruction ID: 40e47ee3d16f94d10cfa86c64562e41bd193e35ac8dd5029e9c36d6ee2a242c3
                                                                                                                                                                            • Opcode Fuzzy Hash: 63e9ed928882ac805af18f6f88a2aefad8e613f9aabaae07ded537a0462b832d
                                                                                                                                                                            • Instruction Fuzzy Hash: E4215C21A19A4686EF509B21EDA11B533A0FFA5740F40113AF94E933A1DF3CE455CB12

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                            • Opcode ID: cd9b3e18c9b351f7a62e4e1ff5606561f6cabb9bf1c11b4387f616ff0d885b68
                                                                                                                                                                            • Instruction ID: f887d4c79b559832667ce3abe3eab876eaefa37fd3ba5d2f5cf451a30f0b55bf
                                                                                                                                                                            • Opcode Fuzzy Hash: cd9b3e18c9b351f7a62e4e1ff5606561f6cabb9bf1c11b4387f616ff0d885b68
                                                                                                                                                                            • Instruction Fuzzy Hash: 31517132D0864286EB649F64AC9423837A0FB66B61F59033DEA5D87BD4CF3CE845C742

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateDirectory
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4241100979-0
                                                                                                                                                                            • Opcode ID: 16d5db4af59a0a75d977a8ea0f01006e144d77a38e03915d1ee87dd09b329057
                                                                                                                                                                            • Instruction ID: b31602845463c3506fa8f8e54243a3fbedc75c25db6041781281474f6648a9c2
                                                                                                                                                                            • Opcode Fuzzy Hash: 16d5db4af59a0a75d977a8ea0f01006e144d77a38e03915d1ee87dd09b329057
                                                                                                                                                                            • Instruction Fuzzy Hash: 1141E532E08A8285EF109F25EC8417D6391FBA4B95F444539FE5E83698CF3CE496C702

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ControlDevice
                                                                                                                                                                            • String ID: X
                                                                                                                                                                            • API String ID: 2352790924-3081909835
                                                                                                                                                                            • Opcode ID: 21dee721f01871c4c272bfec4b788d61ef22f7945d3aecd34124866ac1238a82
                                                                                                                                                                            • Instruction ID: 350b382ecca5668524b186c26a12e98fea4076729d02323c076bc9039d74654b
                                                                                                                                                                            • Opcode Fuzzy Hash: 21dee721f01871c4c272bfec4b788d61ef22f7945d3aecd34124866ac1238a82
                                                                                                                                                                            • Instruction Fuzzy Hash: 3D215132A18F8582EB508F24E48536A73A4FB98B58F105339DE9D43799DF7CD495CB40

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            [Graph not reproduced; API calls appearing in it: GetSystemTimes, GetProcessTimes]
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Times$ProcessSystem
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1036515374-0
                                                                                                                                                                            • Opcode ID: 1a3a329eb5396447a57495f4e08aa41ff84ac1176079cdb16e2fb80676e1481a
                                                                                                                                                                            • Instruction ID: a1ac6741662085dda70f97c4eda7a37f378a3232c6faa997672da676361e49e0
                                                                                                                                                                            • Opcode Fuzzy Hash: 1a3a329eb5396447a57495f4e08aa41ff84ac1176079cdb16e2fb80676e1481a
                                                                                                                                                                            • Instruction Fuzzy Hash: EE515F32A08B8586DB10CF25E8441ADB3A4F798B98F14423AEF9D47759EF7CD594C780

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseQueryValue
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3356406503-0
                                                                                                                                                                            • Opcode ID: 60aa5cc5757a325bb977ddb13680bba52789facd183ceda3f11ba9621b7c492f
                                                                                                                                                                            • Instruction ID: 4c660a02218d56dbba4fe238ce75ac58ee7db8be123bc30a60f2989ebdbbd6d9
                                                                                                                                                                            • Opcode Fuzzy Hash: 60aa5cc5757a325bb977ddb13680bba52789facd183ceda3f11ba9621b7c492f
                                                                                                                                                                            • Instruction Fuzzy Hash: 7F414A32B08A458AEB10DF64E8801A973B4FB68788F845439EB4D83B59DF38E554CB40

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3660427363-0
                                                                                                                                                                            • Opcode ID: 07f4228a413a5bb6d0f97aacfeaa2fe03fdf2bbc78c0194cef22323dd142d28a
                                                                                                                                                                            • Instruction ID: 2fa487f565a504ea067e9474975549d50229849a07f7e8b72799b20da52bec90
                                                                                                                                                                            • Opcode Fuzzy Hash: 07f4228a413a5bb6d0f97aacfeaa2fe03fdf2bbc78c0194cef22323dd142d28a
                                                                                                                                                                            • Instruction Fuzzy Hash: 25719072B14B8189EB10CF66E8406ED77A4FB98B98F50413AEE8C97B58DF38D195C740

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            [Graph not reproduced; API call appearing in it: CompareStringW]
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: 04a565e1fb9e0d5dc17982b302aab2348f302beb93d9c9b07af63957dd64d0c3
                                                                                                                                                                            • Instruction ID: 29ea72102d52dd2bba686c940aeaa5a2d3d0c39a9e4cd3729e3f02af5c586a7a
                                                                                                                                                                            • Opcode Fuzzy Hash: 04a565e1fb9e0d5dc17982b302aab2348f302beb93d9c9b07af63957dd64d0c3
                                                                                                                                                                            • Instruction Fuzzy Hash: 7FA19072A04B9186DB108B18E8843A9B7A1FB61B74F548339EABD937D4DF38D459C701

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            [Graph not reproduced; API call appearing in it: RegCreateKeyExW]
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Create
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                            • Opcode ID: 30091e22c09bf41796f4a9fee94107e8fe5aa0b0b110d942e26dddde1e5ffc07
                                                                                                                                                                            • Instruction ID: 2ebd9e094100239c8cabbf9738a76bf25e1c94dfdc98b41b587f6e3e8b758aad
                                                                                                                                                                            • Opcode Fuzzy Hash: 30091e22c09bf41796f4a9fee94107e8fe5aa0b0b110d942e26dddde1e5ffc07
                                                                                                                                                                            • Instruction Fuzzy Hash: F9510672A14B818AEB60CF75E8806DD77B4F758788F50013AEE8D9BA58CF38D590CB04

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            [Graph not reproduced; API call appearing in it: GetSystemTimes]
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF62E1B3281), ref: 00007FF62E3526F2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: SystemTimes
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 375623090-0
                                                                                                                                                                            • Opcode ID: 637f8777b14754cd434cfe98390451cabcea98096661fea99651bb56bec541e5
                                                                                                                                                                            • Instruction ID: 8b2c27259484773976260cfe893b7cbee08a82d4b52a52c5909e04ee537d703d
                                                                                                                                                                            • Opcode Fuzzy Hash: 637f8777b14754cd434cfe98390451cabcea98096661fea99651bb56bec541e5
                                                                                                                                                                            • Instruction Fuzzy Hash: F4119476619A8586CB64CF15F49046AB7B1F7DCB48B40522AFA8E83B28DF3CD654CF04

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            [Graph not reproduced; API call appearing in it: CloseHandle]
                                                                                                                                                                            APIs
                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF62E1BCD71), ref: 00007FF62E3061C8
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000004.00000002.3337913230.00007FF62E1B1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF62E1B0000, based on PE: true
                                                                                                                                                                            • Associated: 00000004.00000002.3337876261.00007FF62E1B0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_4_2_7ff62e1b0000_Instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                            • Opcode ID: 2482a5d07b8adbc0bb50d3939afd54c9a14f08bf66d0ef138f432ea92f21676e
                                                                                                                                                                            • Instruction ID: 2be494155cde9d946bc04f73650d851d2ebf4d964cb8b8c329eb53951cbf5c0b
                                                                                                                                                                            • Opcode Fuzzy Hash: 2482a5d07b8adbc0bb50d3939afd54c9a14f08bf66d0ef138f432ea92f21676e
                                                                                                                                                                            • Instruction Fuzzy Hash: F5218032A09A0682EE00DB24EC9437963A0FFA4781F544539FA9D876A5DF3CE495C741
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Time$CriticalFileSection$HeapProcess$LeaveSystemValue$CurrentEnterFreeInstupLocal$AllocCommandErrorInformationLastLine__std_exception_destroy$AddressAttributesCleanupConnectedExceptionHandleHeaderInitInternetMappedModuleNameProcRaiseState_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: --logpath "$ --send dumps|report --path "$ --version $($--product 5$--product 70$6EC6$6EC6$6EC6$7$9792$9792$9792$Bugreport was not called because community is disabled.$Cannot initialize Instup, return code {}$END: Avast installer/updater, return code {}$Error in Instup cleanup, return code {}$Error returned by Instup, return code {}$GetModuleHandleW ({})$GetProcAddress ({})$Logs$START: Avast installer/updater$SetProcessDPIAware$Setup has crashed. The dump was sent.$Unable to determine legacy product enumeration from product identifier!$X$\Logs\Clear.log$\Logs\Setup.log$\Logs\Update.log$asw::settings::SettingsConfig::StorePathDef$asw::settings::SettingsConfig::StorePathIni$avast! Self-Defense trust was not acquired. Code {}$avast! Self-Defense trust was successfully acquired.$avcfg://settings/Common/PropertyCommunity$clear$config.def$ctx$debug$sfx$sfxstorage$user32${}.{}.{}.{}
                                                                                                                                                                            • API String ID: 3599941551-1329754222
                                                                                                                                                                            • Opcode ID: a5cb7825cc31b380387b0dcb6404c5fac3f34030fe20cd3f4d7b466cb33ef0f6
                                                                                                                                                                            • Instruction ID: d4e62b376fcbfafb5f51cd5efea6728b1f7f8ca7afee21f1fb3fdfc19714e478
                                                                                                                                                                            • Opcode Fuzzy Hash: a5cb7825cc31b380387b0dcb6404c5fac3f34030fe20cd3f4d7b466cb33ef0f6
                                                                                                                                                                            • Instruction Fuzzy Hash: CD138372A14BC689EB60EF34D8402EDB3A0FB55758F805235DA4D57AA9EF3CD684C360
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$Process$CountEnterLeaveThread$ConditionCurrentMaskTick$InfoOpenPriority$ClassHandleMemoryTimesVerifyVersion__std_exception_destroy
                                                                                                                                                                            • String ID: 9752$9752$F988$F988$Handle count is {}, expected maximum is {} !$Thread count is {}, expected maximum is {} !$Thread count is {}, expected maximum is {}, but count of thread pool idle workers is {}, not dumping!$deadlock suspected$excessive handle count$excessive memory usage$excessive thread count$high CPU usage$suspected GUI thread hang$uwm
                                                                                                                                                                            • API String ID: 2968722256-2316650529
                                                                                                                                                                            • Opcode ID: 6dba4c42d4ec6c14aa723cc6c5b1a2d4b9c788e684eacb6143507e171547301d
                                                                                                                                                                            • Instruction ID: ccf480562756cb06e3f7635a94b99b61ed571367e0b9413a10d9d7120d135c70
                                                                                                                                                                            • Opcode Fuzzy Hash: 6dba4c42d4ec6c14aa723cc6c5b1a2d4b9c788e684eacb6143507e171547301d
                                                                                                                                                                            • Instruction Fuzzy Hash: B0C2BF32A08BC58AEB60EF25D8403EDB7A1FB49BA8F848136DA4D17764DF78D585C350
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_destroy$BindingString$AttributesComposeFileFreeFrom_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID: $"$0$244E$661B$?$Attempting to install crashguard twice, ignored.$AvDumper$CrashGuard initialized successfully, external debugger attached$CrashGuard initialized successfully, only internal dumping available$CrashGuardProcessWatcherExclusions$D$Dump path '$Failed to install crash hooks$O$Release$`$avcfg://settings/CrashGuard/FullDumpFraction$avdef://config/Common/FullDumpFraction$avdef://config/Common/VersionType$ncalrpc$python.exe;pythonw.exe;
                                                                                                                                                                            • API String ID: 1250493283-4266751090
                                                                                                                                                                            • Opcode ID: 8ffdd9c8a8e015b235389c6ae0800ed82e979d93b095c1951452512920a6e3a1
                                                                                                                                                                            • Instruction ID: 3f21e4caf4c3662cf4b0382f9daa735244df17162094777c59da5b97e365cc75
                                                                                                                                                                            • Opcode Fuzzy Hash: 8ffdd9c8a8e015b235389c6ae0800ed82e979d93b095c1951452512920a6e3a1
                                                                                                                                                                            • Instruction Fuzzy Hash: D8B26F72A18BC581E670EF14E4403EAB3A0FBD57A4F805236DA8D53AA9DF7CD584CB50

                                                                                                                                                                            Control-flow Graph

[Figure: control-flow graph, nodes 1156 to 1259, first block 7ff7cee0adc0-7ff7cee0ae23; legend: Executed / Not Executed. API calls labelled in the graph: GetModuleHandleW, GetProcAddress, EnterCriticalSection, GetProcessHeap, GetCurrentThreadId, AddVectoredExceptionHandler, SetErrorMode, HeapFree, LeaveCriticalSection, RevertToSelf, VirtualQuery.]
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Heap$HandleModuleProcess$CriticalSection$AddressAllocEnterProc$CurrentErrorExceptionFreeHandlerLeaveModeQueryRevertSelfThreadVectoredVirtual
                                                                                                                                                                            • String ID: #$&$Already running$C33A$C33A$CtrlRoutine$EC0E$EC0E$Failed to install global crashhandler.$Failed to install vectored handler.$Warning: Relocated kernel32 detected.$Warning: STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING exception was dispatched.$Warning: STATUS_THREADPOOL_HANDLE_EXCEPTION exception was dispatched.$asw::crashguard::ProcessWatcher::Singleton::v1$combase.dll$kernel32.dll$ole32.dll
                                                                                                                                                                            • API String ID: 3202747469-1461470364
                                                                                                                                                                            • Opcode ID: c69dd6e5c52a93f6036b2c76fc0be4b90795fb7c33ff4cdbc6929f6695f972c7
                                                                                                                                                                            • Instruction ID: d16d71d696068bdc64cc216db45c3eadfea0a13c32ee32b29b06e6eea66aa4a2
                                                                                                                                                                            • Opcode Fuzzy Hash: c69dd6e5c52a93f6036b2c76fc0be4b90795fb7c33ff4cdbc6929f6695f972c7
                                                                                                                                                                            • Instruction Fuzzy Hash: 30228432A04B458AFB50EF65D8402ADB7B0FB48BA8F858136DA4D67768DF7CD584C720

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Thread$ConditionCurrentMaskOpen$CountInfoMessagePeekPriorityProcessTickTimesToken$ClassControlDeviceErrorHandleImpersonateLastModuleObjectSelfSingleSystemVerifyVersionWait
                                                                                                                                                                            • String ID: 9752$Detected a hang in GUI thread through IsHungAppWindow+SendMessageCallback. Attempting to dump process...$F988$H$Process monitoring installed.$SeDebugPrivilege$h$suspected GUI thread hang$verifier.dll
                                                                                                                                                                            • API String ID: 2528360860-923074097
                                                                                                                                                                            • Opcode ID: 1ac531c983f675618b61252cd0af25f035a743d505f7e35e50caa11ce94523d8
                                                                                                                                                                            • Instruction ID: 542172fc5bd6ed7d141e3f011960c04d5dfd2a8af6f5ab1bfdeac321347b3236
                                                                                                                                                                            • Opcode Fuzzy Hash: 1ac531c983f675618b61252cd0af25f035a743d505f7e35e50caa11ce94523d8
                                                                                                                                                                            • Instruction Fuzzy Hash: F6E18232A18BC586E760EF25E8407EAF7A0FB89B50F818135DA8D53A54DF7CE485DB10

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ObjectPaint$Window$Select$Begin$LongStock$CreateMessageRectSectionSend$AlignClientClipCompatibleCriticalDeleteLayoutLeaveModeParentPointsRestoreSaveTextViewport
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 401802432-3916222277
                                                                                                                                                                            • Opcode ID: 4c51392f952833eac9600464282c5634f9503587127e023d731e4bfe130bcffa
                                                                                                                                                                            • Instruction ID: ff7b06968d006ec5d0a03149b549dd2ab1f5238f057dc3bdbdf06c78f659cb02
                                                                                                                                                                            • Opcode Fuzzy Hash: 4c51392f952833eac9600464282c5634f9503587127e023d731e4bfe130bcffa
                                                                                                                                                                            • Instruction Fuzzy Hash: 78225C32A1ABC19ADB20CF74D8802ED3761FB84788F408235DA4D5BBA8DF78DA54C754

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Process$CurrentEnvironmentErrorHandleLastModuleProgressShutdownVariable
                                                                                                                                                                            • String ID: 53B2$CBAC$Could not access environment variables, crash handler will be installed anyway.$Crash handler installed multiple times from this binary, ignoring additional install request$Crash handler installed successfully process-wide from module $Crash handler is already resident in this process. Enabling only manual dumping from this binary.$CrashHandlerInstalled-$Installing crashguard from DLL instead of executable. Crashes in global destruction cannot be handled.$S
                                                                                                                                                                            • API String ID: 3779136858-54611380
                                                                                                                                                                            • Opcode ID: 6b3e47df94c34cf3844f18864bc1bafbf3d01a96d09252d4de16c08b3878ffe4
                                                                                                                                                                            • Instruction ID: 4123cdf8dd6c75100c8880d767158d03fcb9355beaa2dae4056bd59cc8b3aa2e
                                                                                                                                                                            • Opcode Fuzzy Hash: 6b3e47df94c34cf3844f18864bc1bafbf3d01a96d09252d4de16c08b3878ffe4
                                                                                                                                                                            • Instruction Fuzzy Hash: C0E1E672E28AC18AE710EF74D8402E9B770FB95794F805136EA4D57A59EF7CD680C710

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$Token$AllocateCheckCloseDuplicateHandleInitializeMembership
                                                                                                                                                                            • String ID: AllocateAndInitializeSid$Unable to check token membership!$Unable to duplicate the access token!$Unable to open current thread token!$Unable to open default process token!$Unable to retrieve the size of user SID!$Unable to retrieve the user SID!
                                                                                                                                                                            • API String ID: 2359238992-3829580448
                                                                                                                                                                            • Opcode ID: 6f4660f8193a49392e81922c41ac8b6abc89f3841ef3f8cb118bd0c4b0a5811b
                                                                                                                                                                            • Instruction ID: a1cd65f936c6158fccdfb511a576510694f42960af1722fa1eb63dca10256c46
                                                                                                                                                                            • Opcode Fuzzy Hash: 6f4660f8193a49392e81922c41ac8b6abc89f3841ef3f8cb118bd0c4b0a5811b
                                                                                                                                                                            • Instruction Fuzzy Hash: 15516032B08B46DAE710EF60D8502ECB3B4FB54B58F805536DA4D63A68EF38D199C760
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7CEF3A5A3), ref: 00007FF7CEF38776
                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7CEF3A5A3), ref: 00007FF7CEF389D4
                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00007FF7CEF38B0E
                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7CEF3A5A3), ref: 00007FF7CEF38C80
                                                                                                                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7CEF3A5A3), ref: 00007FF7CEF3917C
                                                                                                                                                                            • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7CEF3A5A3), ref: 00007FF7CEF393F7
                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7CEF3A5A3), ref: 00007FF7CEF39B7F
                                                                                                                                                                            • CryptAcquireContextW.ADVAPI32 ref: 00007FF7CEF3A08B
                                                                                                                                                                            • CryptGenRandom.ADVAPI32 ref: 00007FF7CEF3A0B3
                                                                                                                                                                            • CryptReleaseContext.ADVAPI32 ref: 00007FF7CEF3A32F
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Crypt$ContextCurrentSystemTime$AcquireCounterDiskFileFreeGlobalMemoryPerformanceProcessQueryRandomReleaseSpaceStatusThreadTimes
                                                                                                                                                                            • String ID: @$Microsoft Base Cryptographic Provider v1.0
                                                                                                                                                                            • API String ID: 1216455848-3036034798
                                                                                                                                                                            • Opcode ID: c2046da14e8c19e13add52f413bf2747616c9d0eda031075b714ba07e7d1d683
                                                                                                                                                                            • Instruction ID: ef8ab58f44c2daa322f604cd6eeb31554622b11373c7f77e0a3862c35cda3bb0
                                                                                                                                                                            • Opcode Fuzzy Hash: c2046da14e8c19e13add52f413bf2747616c9d0eda031075b714ba07e7d1d683
                                                                                                                                                                            • Instruction Fuzzy Hash: 351352B36186828BDB54DF2CE45027EB7B0F796344F94113AE38A87689EB3DD945CB10

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.3341713829.00007FF7CF10C000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            • Associated: 00000007.00000002.3341883158.00007FF7CF159000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            • Associated: 00000007.00000002.3341883158.00007FF7CF15E000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            • Associated: 00000007.00000002.3342030097.00007FF7CF163000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentProcessProtectVirtual$AddressCacheCall3CheckClientDebuggerFlushHandleInstructionModulePresentProcRemote
                                                                                                                                                                            • String ID: IsDebuggerPresent$kernel32.dll
                                                                                                                                                                            • API String ID: 2663660448-2078679533
                                                                                                                                                                            • Opcode ID: a6e96d3039037b5564e3c5529bcb386ee92312b70a5fb451a4cceb98aff8a6ea
                                                                                                                                                                            • Instruction ID: ecda6d92811bb65beb233dcfdd43337e5d4c8c4932c1a97db66420be513c0b63
                                                                                                                                                                            • Opcode Fuzzy Hash: a6e96d3039037b5564e3c5529bcb386ee92312b70a5fb451a4cceb98aff8a6ea
                                                                                                                                                                            • Instruction Fuzzy Hash: 4D419861A08A8282F750AF15E8442BDF7A0FF48BA0F848175E99D07799DF7DD489D730

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                            • String ID: >$Cannot query registry data due to '{}' value changed too often$Cannot query registry value data$Cannot query registry value size
                                                                                                                                                                            • API String ID: 3660427363-3204420311
                                                                                                                                                                            • Opcode ID: 6d136b01cce9800be6e8d79f3ccf541c9cbc723579d2ee259b352fe82f09bb16
                                                                                                                                                                            • Instruction ID: f76fe4e8cda7efeece932fb5a2b82b5f110e8dc6286ab1f8dc91006e5e5c98b2
                                                                                                                                                                            • Opcode Fuzzy Hash: 6d136b01cce9800be6e8d79f3ccf541c9cbc723579d2ee259b352fe82f09bb16
                                                                                                                                                                            • Instruction Fuzzy Hash: A9327F32A18B8189F710DF64E8412EEB7B4FB58798F904126EF8C67A59DF38E185C740

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Thread$AddressCurrentErrorEventExitHandleLastModuleProc
                                                                                                                                                                            • String ID: Already running$IsRunningInsideAvastService
                                                                                                                                                                            • API String ID: 3407786692-28184766
                                                                                                                                                                            • Opcode ID: 129cb1c09d8c9fc5f27aa4c8e8d75984b66494f1666815fd3ac3fb9bfa0b7956
                                                                                                                                                                            • Instruction ID: 0509541fa995f850ffa76c60cd69a49874d6f68c797adf3f94c1555bf448c226
                                                                                                                                                                            • Opcode Fuzzy Hash: 129cb1c09d8c9fc5f27aa4c8e8d75984b66494f1666815fd3ac3fb9bfa0b7956
                                                                                                                                                                            • Instruction Fuzzy Hash: 68819232918B8682E760EF21E4502AAF3A0FF98794F955135E78D136A6DF7CE580C760

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.3341681973.00007FF7CF10B000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            • Associated: 00000007.00000002.3341713829.00007FF7CF10C000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            • Associated: 00000007.00000002.3341883158.00007FF7CF159000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            • Associated: 00000007.00000002.3341883158.00007FF7CF15E000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            • Associated: 00000007.00000002.3342030097.00007FF7CF163000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ProtectVirtual$AddressExceptionFilterHandleModuleProcUnhandled__std_exception_destroy
                                                                                                                                                                            • String ID: C33A$Call to InstallGlobalHandler while being already installed.$EC0E$Kernel32.dll$SetUnhandledExceptionFilter
                                                                                                                                                                            • API String ID: 2217734308-3094406088
                                                                                                                                                                            • Opcode ID: 9aa5bc43c5ca61680017a8d9ff079830b59192f3c83aeeeda568252fb3237468
                                                                                                                                                                            • Instruction ID: 9d5259d924250d108cdda6c29782ddce2bebbb9103ca6c234b50d88ffc322df3
                                                                                                                                                                            • Opcode Fuzzy Hash: 9aa5bc43c5ca61680017a8d9ff079830b59192f3c83aeeeda568252fb3237468
                                                                                                                                                                            • Instruction Fuzzy Hash: B7515C32A08B458AE750EF34D8403ACB3B0FB58BA8F858136EA4D53B58DF78D594C760
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7CEE0773C), ref: 00007FF7CEF1BCCB
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF7CEE0773C), ref: 00007FF7CEF1BCDB
                                                                                                                                                                              • Part of subcall function 00007FF7CEF8B9F0: AcquireSRWLockExclusive.KERNEL32(?,?,000001B8DD2931C0,00007FF7CEDD7D2C), ref: 00007FF7CEF8BA00
                                                                                                                                                                              • Part of subcall function 00007FF7CEF8B9F0: ReleaseSRWLockExclusive.KERNEL32(?,?,000001B8DD2931C0,00007FF7CEDD7D2C), ref: 00007FF7CEF8BA40
                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00007FF7CEF1BD18
                                                                                                                                                                            • NtQueryInformationProcess.NTDLL ref: 00007FF7CEF1BD3D
                                                                                                                                                                              • Part of subcall function 00007FF7CEF8BA60: AcquireSRWLockExclusive.KERNEL32(?,?,000001B8DD2931C0,00007FF7CEDD7CF1), ref: 00007FF7CEF8BA70
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExclusiveLock$AcquireProcess$AddressCurrentHandleInformationModuleProcQueryRelease
                                                                                                                                                                            • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                                                                                                            • API String ID: 259813251-2906145389
                                                                                                                                                                            • Opcode ID: 86f0ad37cd99437d70ef9ac5a20daec63273ace03c12aa16b52e401eaae6bcc1
                                                                                                                                                                            • Instruction ID: cd3e2227fdcacf9e4f9c85d886b1d0f8f5543fccacf5a8f2a5299907a4911032
                                                                                                                                                                            • Opcode Fuzzy Hash: 86f0ad37cd99437d70ef9ac5a20daec63273ace03c12aa16b52e401eaae6bcc1
                                                                                                                                                                            • Instruction Fuzzy Hash: 6B213E25A08A86C6EA90AF12E8511F9B3A4FF86F60FC15136E94E53371DF2CE445D720
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF7CEF1BC80: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7CEE0773C), ref: 00007FF7CEF1BCCB
                                                                                                                                                                              • Part of subcall function 00007FF7CEF1BC80: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF7CEE0773C), ref: 00007FF7CEF1BCDB
                                                                                                                                                                              • Part of subcall function 00007FF7CEF1BC80: GetCurrentProcess.KERNEL32 ref: 00007FF7CEF1BD18
                                                                                                                                                                              • Part of subcall function 00007FF7CEF1BC80: NtQueryInformationProcess.NTDLL ref: 00007FF7CEF1BD3D
                                                                                                                                                                            • InitializeProcThreadAttributeList.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7CEE03C6F), ref: 00007FF7CEE07751
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7CEE03C6F), ref: 00007FF7CEE0775B
                                                                                                                                                                            • InitializeProcThreadAttributeList.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF7CEE03C6F), ref: 00007FF7CEE077CB
                                                                                                                                                                            • UpdateProcThreadAttribute.KERNEL32 ref: 00007FF7CEE077FC
                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7CEE078A0
                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7CEE078B9
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Proc$AttributeProcessThread$InitializeList$AddressCurrentErrorHandleHeapInformationLastModuleQueryUpdate_invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3121448849-0
                                                                                                                                                                            • Opcode ID: 649c77ca19b102d13b8b9d2f1622f9c1b56e88d023f7c09a3bbbb8426589d6bf
                                                                                                                                                                            • Instruction ID: 635f132fc860e1595f9b260527606f5958c83bf8ce1795740e60df7539b4f22d
                                                                                                                                                                            • Opcode Fuzzy Hash: 649c77ca19b102d13b8b9d2f1622f9c1b56e88d023f7c09a3bbbb8426589d6bf
                                                                                                                                                                            • Instruction Fuzzy Hash: 28716D22F14B8596F704EF72D5802ADB7B4FB88794F844635DA8D23A55DF38E1A1C320
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                            • String ID: GetLocaleInfoEx
                                                                                                                                                                            • API String ID: 2299586839-2904428671
                                                                                                                                                                            • Opcode ID: 1c067a42888588f953ca89e39bfa08b10fcfe1a02321086ed9946bb5c27e012a
                                                                                                                                                                            • Instruction ID: c4d6338876443816a47b77ed280c9e26e39a4ff88d6477a6fd7a4fe09f06e4fa
                                                                                                                                                                            • Opcode Fuzzy Hash: 1c067a42888588f953ca89e39bfa08b10fcfe1a02321086ed9946bb5c27e012a
                                                                                                                                                                            • Instruction Fuzzy Hash: 6301F221B0AF81A1E7009B86B4441ABB761EF84BC0F588036DF4D07B55CF7CE9498354
                                                                                                                                                                            APIs
                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 00007FF7CEF3A562
                                                                                                                                                                              • Part of subcall function 00007FF7CEF8BA60: AcquireSRWLockExclusive.KERNEL32(?,?,000001B8DD2931C0,00007FF7CEDD7CF1), ref: 00007FF7CEF8BA70
                                                                                                                                                                              • Part of subcall function 00007FF7CEF38730: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF7CEF3A5A3), ref: 00007FF7CEF38776
                                                                                                                                                                              • Part of subcall function 00007FF7CEF8B9F0: AcquireSRWLockExclusive.KERNEL32(?,?,000001B8DD2931C0,00007FF7CEDD7D2C), ref: 00007FF7CEF8BA00
                                                                                                                                                                              • Part of subcall function 00007FF7CEF8B9F0: ReleaseSRWLockExclusive.KERNEL32(?,?,000001B8DD2931C0,00007FF7CEDD7D2C), ref: 00007FF7CEF8BA40
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7CEF3AABF
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExclusiveLock$AcquireCriticalSectionTime$EnterFileLeaveReleaseSystem
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 516957425-0
                                                                                                                                                                            • Opcode ID: a7dd2fc7a77a3ba2fe96cffa6ece4e8546dcefc1a4b38e0b9dc45c6c547f7bac
                                                                                                                                                                            • Instruction ID: e7f4cb3a767533de2f3f21548ac00f664398ed22466e1dc528c55af9cbef339d
                                                                                                                                                                            • Opcode Fuzzy Hash: a7dd2fc7a77a3ba2fe96cffa6ece4e8546dcefc1a4b38e0b9dc45c6c547f7bac
                                                                                                                                                                            • Instruction Fuzzy Hash: 79027472618AC28BE748DF6CE8801B9F7A0F795720F840179E68DD7796DBACD505CB20

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLastThread$CloseCurrentHandleOpenSelfToken$ImpersonateRevert
                                                                                                                                                                            • String ID: Unable to adjust token privilege '{}'!$Unable to assign the process impersonation token to the thread!$Unable to lookup privilege '{}'!$Unable to obtain the thread access token!
                                                                                                                                                                            • API String ID: 475273544-197369002
                                                                                                                                                                            • Opcode ID: ae76d4021564aa320d23062cb3ffeddbc2bf1a1c57c4f008ce50399594942c69
                                                                                                                                                                            • Instruction ID: a3fe71ac132643200869a4bad02bf7d0b53b89332eb265b2f5e0ec3903070a75
                                                                                                                                                                            • Opcode Fuzzy Hash: ae76d4021564aa320d23062cb3ffeddbc2bf1a1c57c4f008ce50399594942c69
                                                                                                                                                                            • Instruction Fuzzy Hash: 70416025A0CA87C6FB50BF20E8443B9A360BF44F68FC48431D68D526A5EF2CE588C771

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseErrorLast$Time$FileSystem
                                                                                                                                                                            • String ID: CrashGuardUms$GlobalFlag$StackTraceDatabaseSizeInMB
                                                                                                                                                                            • API String ID: 108130482-4061403250
                                                                                                                                                                            • Opcode ID: 9c122b6eb8bffb907f59d5f35a99effd12e7a1fb7ac4d6843d0e8a97d1cc84df
                                                                                                                                                                            • Instruction ID: bf22af8f46d2301bc2f4261df643ee8e1ab89c4baeaa2a6cf0c51fd5ab9f2dd9
                                                                                                                                                                            • Opcode Fuzzy Hash: 9c122b6eb8bffb907f59d5f35a99effd12e7a1fb7ac4d6843d0e8a97d1cc84df
                                                                                                                                                                            • Instruction Fuzzy Hash: 56F19372618BC189E760DF24E8903EDB3A0FB95798F805135EB8D6BA98DF78D245C710

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DirectoryErrorLast$FolderPathSystemWindows
                                                                                                                                                                            • String ID: 3$3$AppData$Common AppData$Local AppData$Unable to retrieve a path of the known folder ({})!
                                                                                                                                                                            • API String ID: 1744653567-3766723849
                                                                                                                                                                            • Opcode ID: a2c9b97e44407f5326cfbe33facb644c2a40c5b4b7e1708bd84a7f474be90672
                                                                                                                                                                            • Instruction ID: 6e58afe843122f472722a0ffe810160aec72a5887775a1e7eeef60e5e855a744
                                                                                                                                                                            • Opcode Fuzzy Hash: a2c9b97e44407f5326cfbe33facb644c2a40c5b4b7e1708bd84a7f474be90672
                                                                                                                                                                            • Instruction Fuzzy Hash: A1A17631A1CBC691E760EF14E8803EAA364FB85760FD06132E68D535A5DF3CD688C760

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseHandle$RevertSelf
                                                                                                                                                                            • String ID: Unable to adjust token privilege '{}'!$Unable to lookup privilege '{}'!$Unable to remove the impersonation token from the thread!
                                                                                                                                                                            • API String ID: 680554984-1021965375
                                                                                                                                                                            • Opcode ID: effac372596d7e68db604c044d4819013292818b7e9a76f48771a52b421049a6
                                                                                                                                                                            • Instruction ID: 4f25139f66cf9756c632bbb415350014062f00c2805d7abc3028dee9ede298af
                                                                                                                                                                            • Opcode Fuzzy Hash: effac372596d7e68db604c044d4819013292818b7e9a76f48771a52b421049a6
                                                                                                                                                                            • Instruction Fuzzy Hash: 87517E22B08B86D5E710EF60E8503EDB3A4FB44B98F944435EA8D23A99DF3CE155C360

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressCreateFileHandleModuleProc$CriticalEnterSection
                                                                                                                                                                            • String ID: GetNamedPipeClientProcessId$GetNamedPipeServerProcessId$kernel32.dll
                                                                                                                                                                            • API String ID: 3518774015-2718959319
                                                                                                                                                                            • Opcode ID: cd9b3e18c9b351f7a62e4e1ff5606561f6cabb9bf1c11b4387f616ff0d885b68
                                                                                                                                                                            • Instruction ID: 28be74e0f714fb58fcda2e75e7b9068beb209bd7331b326cc00dfc6682ddd3ef
                                                                                                                                                                            • Opcode Fuzzy Hash: cd9b3e18c9b351f7a62e4e1ff5606561f6cabb9bf1c11b4387f616ff0d885b68
                                                                                                                                                                            • Instruction Fuzzy Hash: C1517132D09B4286E3A4AF24A41427AB7A5FB45B70FA50335CA5D13AD8DF3CE981C760

                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CtrlMessageSend$ParentWindow$Rect
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3091584759-0
                                                                                                                                                                            • Opcode ID: b91d086c1a75e04f1d017fbef28ab7799c3b80ae1130a7aefe181d1b66880b77
                                                                                                                                                                            • Instruction ID: 26aba36063d382a3983ce6588b88b3169b13a966845cb0b15af373a5cb1dd310
                                                                                                                                                                            • Opcode Fuzzy Hash: b91d086c1a75e04f1d017fbef28ab7799c3b80ae1130a7aefe181d1b66880b77
                                                                                                                                                                            • Instruction Fuzzy Hash: 57916A72A0AB419AEB148F62D8542AD73B1FB48BC8F044436CE4D57764CF3CE915C368
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$CreateDirectory$AttributesFile
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2650082360-0
                                                                                                                                                                            • Opcode ID: 16d5db4af59a0a75d977a8ea0f01006e144d77a38e03915d1ee87dd09b329057
                                                                                                                                                                            • Instruction ID: 0baa43b12fe937e379b55d5a111278ca4bbe382877aea78aabd6ac005054b3ee
                                                                                                                                                                            • Opcode Fuzzy Hash: 16d5db4af59a0a75d977a8ea0f01006e144d77a38e03915d1ee87dd09b329057
                                                                                                                                                                            • Instruction Fuzzy Hash: B5417562E08B8281E750AF21E4441BDA391FB95FB4FC49531E95D636D8DF3CE495C720
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$DeleteRectSelectStock$ClipIntersectSaveVisible
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1353815414-0
                                                                                                                                                                            • Opcode ID: 53c4a57303f3444364a6ce3f773186b850ba6289c0bda56134615d0772ee3eb2
                                                                                                                                                                            • Instruction ID: 3bbee1606d39e7a939b33a0e769ae00718ee5632e2af087846d91d5bea587929
                                                                                                                                                                            • Opcode Fuzzy Hash: 53c4a57303f3444364a6ce3f773186b850ba6289c0bda56134615d0772ee3eb2
                                                                                                                                                                            • Instruction Fuzzy Hash: CD310A36A09A81A7DB40DF15F494529B3A0FB88B94F044435EF8E87B18DF7DE891CB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFileLast$ReadSize
                                                                                                                                                                            • String ID: get_file_content$get_file_content: GetFileSizeEx$get_file_content: ReadFile
                                                                                                                                                                            • API String ID: 3509033087-2648918662
                                                                                                                                                                            • Opcode ID: 67347a6eefce451aae3dd8139fd41f3777ffa4630c88171bf6cbc8958edd90cb
                                                                                                                                                                            • Instruction ID: 25bb3e35a25667813f6516c75b16fd15fe3c3af421a160f51a8fa622f331f17e
                                                                                                                                                                            • Opcode Fuzzy Hash: 67347a6eefce451aae3dd8139fd41f3777ffa4630c88171bf6cbc8958edd90cb
                                                                                                                                                                            • Instruction Fuzzy Hash: 8F51C632B18B4695E700EF60E8402EDB374FB44B98FC09132EA4D57AA9DF38D595C360
                                                                                                                                                                            APIs
                                                                                                                                                                            • FreeLibrary.KERNEL32(?,00007FF7CEFB36E8,?,?,?,?,00007FF7CEFAEF6D,?,?,?,?,00007FF7CEF89224,?,?,?,00007FF7CEF89772), ref: 00007FF7CEFB2F2F
                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF7CEFB36E8,?,?,?,?,00007FF7CEFAEF6D,?,?,?,?,00007FF7CEF89224,?,?,?,00007FF7CEF89772), ref: 00007FF7CEFB2F3B
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.3341883158.00007FF7CF159000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            • Associated: 00000007.00000002.3341883158.00007FF7CF15E000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            • Associated: 00000007.00000002.3342030097.00007FF7CF163000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                            • Opcode ID: 0c375ea48d37f75958a8c9791984f65eeec1dd68eecfb2ed4505ca155abcdabe
                                                                                                                                                                            • Instruction ID: 4cdb35ae5ecd3adc013be86c936a92bca9821a9b7f997c4362f972960f0620ab
                                                                                                                                                                            • Opcode Fuzzy Hash: 0c375ea48d37f75958a8c9791984f65eeec1dd68eecfb2ed4505ca155abcdabe
                                                                                                                                                                            • Instruction Fuzzy Hash: 19415722B29A4241FA56FF0798441B9A396BF49BF0F888535ED5D9B784EF3CE0458330
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: Resource section is empty$StringFileInfo$There is no resource section in module$Unable to determine product identifier from resources!
                                                                                                                                                                            • API String ID: 0-3023212541
                                                                                                                                                                            • Opcode ID: 98c8d8958ac0f82eda5d06206cacfe15022bdc6fbb3233c00ea2d7362b3484bd
                                                                                                                                                                            • Instruction ID: 3a5811777d17d1b7b0c7a65b7fe96a8e0baad8d17e523ed9f9e00e61dc813c57
                                                                                                                                                                            • Opcode Fuzzy Hash: 98c8d8958ac0f82eda5d06206cacfe15022bdc6fbb3233c00ea2d7362b3484bd
                                                                                                                                                                            • Instruction Fuzzy Hash: DDA1DD72A04B9186D7509F18E4403A9BBA0FB81B74FA58321DABDA37E4EF3CD495C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseErrorLastQueryValue$ExceptionFileHeaderRaise
                                                                                                                                                                            • String ID: Cannot query registry value type
                                                                                                                                                                            • API String ID: 1525063674-3837157275
                                                                                                                                                                            • Opcode ID: a306a7a696f3ff401ca4b27bae337616232d25a1ef2ce03a2b17783da9da5010
                                                                                                                                                                            • Instruction ID: f6630dc950f778539f60c32b9aba5b71bda2b4e9890dfb5c909387a8ae2eac57
                                                                                                                                                                            • Opcode Fuzzy Hash: a306a7a696f3ff401ca4b27bae337616232d25a1ef2ce03a2b17783da9da5010
                                                                                                                                                                            • Instruction Fuzzy Hash: 70819022B08A8199FB50EF74E4403EDB3A0FB447A8F844131EA8D67A59EF39E555C760
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: HandleModule$AcquireAddressExclusiveLockProc
                                                                                                                                                                            • String ID: ModuleId$ProductId$on_avast_dll_unload
                                                                                                                                                                            • API String ID: 920030147-2425011003
                                                                                                                                                                            • Opcode ID: 8e884b82bb9442e89dbafd63dafb268c65f4690ba93ed63fee1a1566ba773ece
                                                                                                                                                                            • Instruction ID: 304304d6bc76d043f0572c4536e0669548f907c1d9f6fabdd53d922902155053
                                                                                                                                                                            • Opcode Fuzzy Hash: 8e884b82bb9442e89dbafd63dafb268c65f4690ba93ed63fee1a1566ba773ece
                                                                                                                                                                            • Instruction Fuzzy Hash: A441A461918E8792EA50FF14E8512FAE320FF91724FC15232E18D626B5EF2CE589C770
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$CurrentOpenProcessThreadToken$CloseHandle
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2320986313-0
                                                                                                                                                                            • Opcode ID: a4b9743fb41235baf4cb0d19906448ac42a37bfcf75e8d58cb8e6c918f6a44d2
                                                                                                                                                                            • Instruction ID: 045f1c58e8cebe7d0ae2eb8c796da462ae99fcdf90d7e3e9d2df321cd71fbc83
                                                                                                                                                                            • Opcode Fuzzy Hash: a4b9743fb41235baf4cb0d19906448ac42a37bfcf75e8d58cb8e6c918f6a44d2
                                                                                                                                                                            • Instruction Fuzzy Hash: EA115E21B08BCAC9EAA0AF61E4543BAA350EF85F65FC08035D9CD42695EF2CD149D732
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Create$CloseErrorLast
                                                                                                                                                                            • String ID: Cannot create registry key
                                                                                                                                                                            • API String ID: 3551974399-2366797263
                                                                                                                                                                            • Opcode ID: 11c8eeb124d90bd50031afaca8d02fcea15d2338fa4f8bbf832fff042cc04dd9
                                                                                                                                                                            • Instruction ID: 6de2e71aec8e356c667ef128be6c8d1b66b68f20f95270202a77e1aa9d0a2483
                                                                                                                                                                            • Opcode Fuzzy Hash: 11c8eeb124d90bd50031afaca8d02fcea15d2338fa4f8bbf832fff042cc04dd9
                                                                                                                                                                            • Instruction Fuzzy Hash: 0B510672A04B818AE761DF65E8802DD77B4F748B98F50412ADE8D6BB58DF38D590CB10
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                            • String ID: 244E$661B$Process dumper doesn't exist in path '
                                                                                                                                                                            • API String ID: 3188754299-664137131
                                                                                                                                                                            • Opcode ID: 686ca44f4e75f0a075bf9bc179b1a9de2f0bbec3d1bbf7f43de697d5513cc94f
                                                                                                                                                                            • Instruction ID: 59a17248af8b4e21fdc71c58c2373dbd0af22a2c03f20111118a0c0b1327e499
                                                                                                                                                                            • Opcode Fuzzy Hash: 686ca44f4e75f0a075bf9bc179b1a9de2f0bbec3d1bbf7f43de697d5513cc94f
                                                                                                                                                                            • Instruction Fuzzy Hash: A241D572918A8185FB10FF24E4402BEE3A0FB95BA4FC01136E94D67699DF7CD184CB60
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Parent$CriticalCtrlLeaveMessageSectionSend
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3214112767-0
                                                                                                                                                                            • Opcode ID: f2152afbe9989a324e2cc075c1691d295d29c9e9b653e0688db73ed0b386ffd5
                                                                                                                                                                            • Instruction ID: 9334c47715c3b7956ebce52e0dd3927be83c4403f0288d48f37ced4aeed1187c
                                                                                                                                                                            • Opcode Fuzzy Hash: f2152afbe9989a324e2cc075c1691d295d29c9e9b653e0688db73ed0b386ffd5
                                                                                                                                                                            • Instruction Fuzzy Hash: 65317E22B06B82A7EF598F21D9442B867A1FF44FD8F088131CA0D0B7A0DF7DE8658354
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2067211477-0
                                                                                                                                                                            • Opcode ID: 5eaeee312dcf0f73d9862fd825015aca671ccff0863cf4f975b789032c1fb287
                                                                                                                                                                            • Instruction ID: 4404343eb4dd36330e30828fb3f5f05ff9303b49657f5fa2d90c6d559af011fd
                                                                                                                                                                            • Opcode Fuzzy Hash: 5eaeee312dcf0f73d9862fd825015aca671ccff0863cf4f975b789032c1fb287
                                                                                                                                                                            • Instruction Fuzzy Hash: 2A218425B0D78282FE98AF65A410179E3A4BF84FF0F844435EE4E6B755DE3CE5409630
                                                                                                                                                                            APIs
                                                                                                                                                                            • CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000,?,?,?), ref: 00007FF7CEE6691E
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000,?,?,?), ref: 00007FF7CEE66938
                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000,?,?,?), ref: 00007FF7CEE669E5
                                                                                                                                                                              • Part of subcall function 00007FF7CEF8E470: RtlPcToFileHeader.NTDLL ref: 00007FF7CEF8E4C0
                                                                                                                                                                              • Part of subcall function 00007FF7CEF8E470: RaiseException.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF7CEF89536), ref: 00007FF7CEF8E501
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: File$CloseCreateErrorExceptionHandleHeaderLastRaise
                                                                                                                                                                            • String ID: couldn't open file
                                                                                                                                                                            • API String ID: 3501643867-3645828643
                                                                                                                                                                            • Opcode ID: e456ae9ecf553efa83dec7ee5434a3bb500008125b83ad057ddef8a856676602
                                                                                                                                                                            • Instruction ID: 7c5b0a8865e21d69566ca4c83a1787889b3add8aef95124606e50c557a40e113
                                                                                                                                                                            • Opcode Fuzzy Hash: e456ae9ecf553efa83dec7ee5434a3bb500008125b83ad057ddef8a856676602
                                                                                                                                                                            • Instruction Fuzzy Hash: 6D519E72A18B4682E750EF14E4403A9B3A8FB847B4F914231EAAD437D0DFBDD885C720
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseErrorExceptionFileHeaderLastQueryRaiseValue__std_exception_copy
                                                                                                                                                                            • String ID: Cannot query registry value
                                                                                                                                                                            • API String ID: 1422943749-1100310711
                                                                                                                                                                            • Opcode ID: 7eda902cad50949969edf147d2c2b41ccd4b4542ff494ceb8d1835331d62c04e
                                                                                                                                                                            • Instruction ID: 63c0e73d0b25dc1a1385819f2c9ada1fc0ec26c600f8d338bf9ec98725d07fad
                                                                                                                                                                            • Opcode Fuzzy Hash: 7eda902cad50949969edf147d2c2b41ccd4b4542ff494ceb8d1835331d62c04e
                                                                                                                                                                            • Instruction Fuzzy Hash: 8C416D32708A858AE750EF20E4801EDB3B4FB48798F845536EB8D53B59DF38E594C760
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: EnvironmentErrorLastVariable
                                                                                                                                                                            • String ID: -$Unable to retrieve environment variable '{}'!
                                                                                                                                                                            • API String ID: 3114522214-584169599
                                                                                                                                                                            • Opcode ID: 112810b776423156dd3c69b07fed8018cea47deb097755b8f82e836f81e1d996
                                                                                                                                                                            • Instruction ID: c5069aa871f0e8c127861cfe5e18c660638cb09c0aa1283604b4e489ae3149b5
                                                                                                                                                                            • Opcode Fuzzy Hash: 112810b776423156dd3c69b07fed8018cea47deb097755b8f82e836f81e1d996
                                                                                                                                                                            • Instruction Fuzzy Hash: 9B31A132A18B8581E750EF11E8443AAF3A0FB88BA4F905135EACD57765EF3CE594CB50
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF7CEF26080: InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7CEDD6A41,?,?,?,?,00000000,00000008,?,00007FF7CEDDCCD5), ref: 00007FF7CEF260C1
                                                                                                                                                                              • Part of subcall function 00007FF7CEF26080: DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7CEDD6A41,?,?,?,?,00000000,00000008,?,00007FF7CEDDCCD5), ref: 00007FF7CEF260DA
                                                                                                                                                                              • Part of subcall function 00007FF7CEF26080: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7CEDD6A41,?,?,?,?,00000000,00000008,?,00007FF7CEDDCCD5), ref: 00007FF7CEF26137
                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7CEDDCD71), ref: 00007FF7CEF261A7
                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7CEDDCD71), ref: 00007FF7CEF261C8
                                                                                                                                                                            • LeaveCriticalSection.KERNEL32 ref: 00007FF7CEF261F2
                                                                                                                                                                            Strings
                                                                                                                                                                            • asw::lifetime::impl::lifetime_creation_monitor_holder::set_created, xrefs: 00007FF7CEF26216
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$CloseDeleteEnterEventHandleInitializeLeave
                                                                                                                                                                            • String ID: asw::lifetime::impl::lifetime_creation_monitor_holder::set_created
                                                                                                                                                                            • API String ID: 3040484998-3605786268
                                                                                                                                                                            • Opcode ID: d87add874008cb33a486ec9996a4cbe86447223344b6ee13d2f019e25a5db3ca
                                                                                                                                                                            • Instruction ID: a1d44395c2356cb58bbfb2769664ddb3898eca71da1a813b5d5e7660762de361
                                                                                                                                                                            • Opcode Fuzzy Hash: d87add874008cb33a486ec9996a4cbe86447223344b6ee13d2f019e25a5db3ca
                                                                                                                                                                            • Instruction Fuzzy Hash: 7A21B422B08B4682EE50EF24E8503BDA360FF85BA0F954131DA9D57676EF3CE595C720
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_destroy
                                                                                                                                                                            • String ID: avcfg://settings/CrashGuard/DumpFirstChance$avdef://config/Common/DumpFirstChance
                                                                                                                                                                            • API String ID: 2453523683-111190449
                                                                                                                                                                            • Opcode ID: 0163099a54c00a74d6237382d5fa12750a901ae7f07f023f6680c59c3c8afbdc
                                                                                                                                                                            • Instruction ID: 753c3674b3c544ec90ccaf90d70de2191846a4b7ee0c25c573178a8496fad3bd
                                                                                                                                                                            • Opcode Fuzzy Hash: 0163099a54c00a74d6237382d5fa12750a901ae7f07f023f6680c59c3c8afbdc
                                                                                                                                                                            • Instruction Fuzzy Hash: 5E212F32918B8592E610EF10E4401AAB774FB89B94F955236FACD13B65EF3CD285C760
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Focus$ForegroundWindow
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 332191172-0
                                                                                                                                                                            • Opcode ID: b1ba99a6e9452a09a25b038bd3de7f24a6a334b026cacbdc4719f23dda5402f4
                                                                                                                                                                            • Instruction ID: b56f09969f12dfe7c1ab7d55af3516fb9288dc49363d83f90278a5e8a160420a
                                                                                                                                                                            • Opcode Fuzzy Hash: b1ba99a6e9452a09a25b038bd3de7f24a6a334b026cacbdc4719f23dda5402f4
                                                                                                                                                                            • Instruction Fuzzy Hash: 82224576B0AF459AEB16CB6AD4546AD37A1FB44BC8F0A8431CE0D07764DF39D809C368
                                                                                                                                                                            APIs
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000007,00007FF7CEF18A7E), ref: 00007FF7CEDD6512
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000007,00007FF7CEF18A7E), ref: 00007FF7CEDD6552
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                            • String ID: to_wide<char> invalid arguments$to_wide<char>::MultiByteToWideChar
                                                                                                                                                                            • API String ID: 626452242-363086301
                                                                                                                                                                            • Opcode ID: 3bef8cdc60da9c39fd192987c5151a94e8f3453bb86c3915843af768255778c7
                                                                                                                                                                            • Instruction ID: b9609a10fa292e899627348d1bd9d40605ece0576c55d536f3628331d24f213e
                                                                                                                                                                            • Opcode Fuzzy Hash: 3bef8cdc60da9c39fd192987c5151a94e8f3453bb86c3915843af768255778c7
                                                                                                                                                                            • Instruction Fuzzy Hash: BF411731A0C78681EB60AF10E8401B8A790EF94BA4F815135FA5E17794EF3CE6D1C370
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Timer$ClickCriticalDoubleLeaveSectionTime
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2419403106-0
                                                                                                                                                                            • Opcode ID: 1475106bbff1aedd033ec94fe75bb27e4e419721db70016497e73a3d2c1f4a11
                                                                                                                                                                            • Instruction ID: 513dea6efff90c061c13a34108b666749a91b8da30b219080d5b047f3d14c4aa
                                                                                                                                                                            • Opcode Fuzzy Hash: 1475106bbff1aedd033ec94fe75bb27e4e419721db70016497e73a3d2c1f4a11
                                                                                                                                                                            • Instruction Fuzzy Hash: 31318F36706A81A7EB59CB25D9546A967A0FB88BC8F048132CF1D077A0CF79E865C714
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterKillLeaveTimer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 610966039-0
                                                                                                                                                                            • Opcode ID: 3e0637cef269a17a1dee3de064c7cffe6cac5d290073153ef176d92e65f52684
                                                                                                                                                                            • Instruction ID: dc9a5c9419bff099fac922e6c526151a006fdc3043d774ff2f3d6f518d75be39
                                                                                                                                                                            • Opcode Fuzzy Hash: 3e0637cef269a17a1dee3de064c7cffe6cac5d290073153ef176d92e65f52684
                                                                                                                                                                            • Instruction Fuzzy Hash: F4216032B0AA44A1EA109F11E8546797760FB45FC5F088135DD5E0B760CFBDEC568358
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF7CEDD6A00: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF7CEDDCCD5), ref: 00007FF7CEDD6A60
                                                                                                                                                                              • Part of subcall function 00007FF7CEDD6A00: LeaveCriticalSection.KERNEL32 ref: 00007FF7CEDD6AA1
                                                                                                                                                                            • WaitForSingleObject.KERNEL32 ref: 00007FF7CEDDCD8D
                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00007FF7CEDDCDAF
                                                                                                                                                                              • Part of subcall function 00007FF7CEF26150: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7CEDDCD71), ref: 00007FF7CEF261A7
                                                                                                                                                                              • Part of subcall function 00007FF7CEF26150: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7CEDDCD71), ref: 00007FF7CEF261C8
                                                                                                                                                                              • Part of subcall function 00007FF7CEF26150: LeaveCriticalSection.KERNEL32 ref: 00007FF7CEF261F2
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseHandle$CriticalLeaveSection$EventObjectSingleWait
                                                                                                                                                                            • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                            • API String ID: 1589410826-2706815617
                                                                                                                                                                            • Opcode ID: 6f7312a7dcc069f7e9e7043670515f8246aaba2c8cf634a5ba989b293f6de179
                                                                                                                                                                            • Instruction ID: 69c9d4f4d12d1dad57d9524fa95926a56c26ebe8afccbd42cb8cb6f208bd345e
                                                                                                                                                                            • Opcode Fuzzy Hash: 6f7312a7dcc069f7e9e7043670515f8246aaba2c8cf634a5ba989b293f6de179
                                                                                                                                                                            • Instruction Fuzzy Hash: F4519032B09B8199EB10EF20E8402EC73A5FB49B68F815535EA4D27B99DF38E555C360
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF7CEDD6A00: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF7CEDDCCD5), ref: 00007FF7CEDD6A60
                                                                                                                                                                              • Part of subcall function 00007FF7CEDD6A00: LeaveCriticalSection.KERNEL32 ref: 00007FF7CEDD6AA1
                                                                                                                                                                            • WaitForSingleObject.KERNEL32 ref: 00007FF7CEDDCBAD
                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00007FF7CEDDCBCF
                                                                                                                                                                              • Part of subcall function 00007FF7CEF26150: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7CEDDCD71), ref: 00007FF7CEF261A7
                                                                                                                                                                              • Part of subcall function 00007FF7CEF26150: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF7CEDDCD71), ref: 00007FF7CEF261C8
                                                                                                                                                                              • Part of subcall function 00007FF7CEF26150: LeaveCriticalSection.KERNEL32 ref: 00007FF7CEF261F2
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CloseHandle$CriticalLeaveSection$EventObjectSingleWait
                                                                                                                                                                            • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                            • API String ID: 1589410826-2706815617
                                                                                                                                                                            • Opcode ID: 5f93ddaddabd4a98c4cd48055ad85ea87ab73899bb8612acdbadeae4fb4397bd
                                                                                                                                                                            • Instruction ID: a1f818bfbff35204b5b39e5c4c1789cae1906716e5aad8cfccb0a5b61eb746f2
                                                                                                                                                                            • Opcode Fuzzy Hash: 5f93ddaddabd4a98c4cd48055ad85ea87ab73899bb8612acdbadeae4fb4397bd
                                                                                                                                                                            • Instruction Fuzzy Hash: C0519F32B09B8199EB10EF20E4402EC73B5FB45B68F815535EA4D27B99DF38E555C360
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ControlCountDeviceTick
                                                                                                                                                                            • String ID: X
                                                                                                                                                                            • API String ID: 2693983885-3081909835
                                                                                                                                                                            • Opcode ID: 12a560f9895aee7df7ec0289f2018c0996df9c24545c492e158419051bf41c07
                                                                                                                                                                            • Instruction ID: c943b6e0b9ebf5be8c60d05ac44b84dbc7700eb3082075038c7abd3d9e8fdfe1
                                                                                                                                                                            • Opcode Fuzzy Hash: 12a560f9895aee7df7ec0289f2018c0996df9c24545c492e158419051bf41c07
                                                                                                                                                                            • Instruction Fuzzy Hash: CF217C33A08F8582E7609F24E48436EB3A4F788BA8F519325DA9D03759EF78D495CB40
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                            • String ID: csm
                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                            • Opcode ID: a3924abaf564cebc9357eef2fe38e05291484a79d7e18ad83b85b2459db9848c
                                                                                                                                                                            • Instruction ID: 2f847dde557a78d143e9d1bafce9c9da27e1afb4873c3fba2732d6aa8174556f
                                                                                                                                                                            • Opcode Fuzzy Hash: a3924abaf564cebc9357eef2fe38e05291484a79d7e18ad83b85b2459db9848c
                                                                                                                                                                            • Instruction Fuzzy Hash: AE116036618B8082EB609F15F840259B7E4FB88BA4F988230EECC17B58EF3CD551C710
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 951747058-0
                                                                                                                                                                            • Opcode ID: e2ecf4126d7325b51e11bb1362bcbac83db8c1138b39ca509e610d1a22cd0a13
                                                                                                                                                                            • Instruction ID: ca3f3609db565514c6c78461d66575cb66c6f63e45a9d4db0da445dd53aaf6df
                                                                                                                                                                            • Opcode Fuzzy Hash: e2ecf4126d7325b51e11bb1362bcbac83db8c1138b39ca509e610d1a22cd0a13
                                                                                                                                                                            • Instruction Fuzzy Hash: 47519C3670AF81A6EA11CB25E88067973B4FB89BC8F054031DA8D87B61DF7CE845C714
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 951747058-0
                                                                                                                                                                            • Opcode ID: 7c13838936da61596afb6aba4682eb61b449216ebd8a9a0d1e7c0cb9308f9824
                                                                                                                                                                            • Instruction ID: 88f6101a054b7de4251a5dbd9ed3c26c762357567b84ee1736ada37d7e32a443
                                                                                                                                                                            • Opcode Fuzzy Hash: 7c13838936da61596afb6aba4682eb61b449216ebd8a9a0d1e7c0cb9308f9824
                                                                                                                                                                            • Instruction Fuzzy Hash: 6341AC36A0AB46A2EE16CB15E89427963A1FF88FC8F084032CE4E47761CF3CD805C764
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 951747058-0
                                                                                                                                                                            • Opcode ID: d28a633e0362330915a32de4f0516ca57c0926545ae8fa29d4371d2ff928fa5a
                                                                                                                                                                            • Instruction ID: 7477cf2e65173897bed95ec9ba85c093a15503cd27e3483dc8bea0c05ea8a5f5
                                                                                                                                                                            • Opcode Fuzzy Hash: d28a633e0362330915a32de4f0516ca57c0926545ae8fa29d4371d2ff928fa5a
                                                                                                                                                                            • Instruction Fuzzy Hash: AC413332A1AF4596EA148F16E890529B3A4FB89FC5F194132EE8E07B30CF7DD846C354
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalEnterSection
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1904992153-0
                                                                                                                                                                            • Opcode ID: 7c188b7dafa083f4b099fa64af861c9d4458df9e86cbcb82e2dbdb4e01d3b209
                                                                                                                                                                            • Instruction ID: c83639a9185a4ead6d675c688195f42a489f9d89f989db133c475cf098a9a1d0
                                                                                                                                                                            • Opcode Fuzzy Hash: 7c188b7dafa083f4b099fa64af861c9d4458df9e86cbcb82e2dbdb4e01d3b209
                                                                                                                                                                            • Instruction Fuzzy Hash: 2A31A122A0BA12A6FE5A8B2195802B967A1FF05FD4F098031CE0D177D5DF7DAC758228
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3168844106-0
                                                                                                                                                                            • Opcode ID: f6f47fd953e2a13db3240fadf8f5e218c83e9233cf8a1a6e54a296b4d0f4ca66
                                                                                                                                                                            • Instruction ID: b1dc2b7d3fbcb7d4c6670d384490a4c0784f650fb407f7e6fc57cd4ed8908453
                                                                                                                                                                            • Opcode Fuzzy Hash: f6f47fd953e2a13db3240fadf8f5e218c83e9233cf8a1a6e54a296b4d0f4ca66
                                                                                                                                                                            • Instruction Fuzzy Hash: EA216B6671AB46A1EB158B1AE854A6867A0FF84FC8F094035CE0D4B364EF7DE805C354
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CtrlMessageParentSend
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1176577205-0
                                                                                                                                                                            • Opcode ID: 54dafa8ba3fc6a5d869d45bad766bdb8c7ea5ef08f1ef6dff0a40dde764bf071
                                                                                                                                                                            • Instruction ID: 534883a0af3447598fbdfd6b979bc185c817856f8ae6d3baf2c6d7ba4bd55915
                                                                                                                                                                            • Opcode Fuzzy Hash: 54dafa8ba3fc6a5d869d45bad766bdb8c7ea5ef08f1ef6dff0a40dde764bf071
                                                                                                                                                                            • Instruction Fuzzy Hash: A821C172A0AB4192EF10DF26A80466973A1FF84BC4F544035EE4D4B794DF7DE851C724
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Times$CountProcessSystemTick
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1969624557-0
                                                                                                                                                                            • Opcode ID: dcd8e5e7be7fba5c6ed74077f4d26089fa141bc83a8a49af5c14202b2dbf624f
                                                                                                                                                                            • Instruction ID: 94567e3cc6c9d4f916df5137ad1699df1b73d676af5758c760fddca98c9c94d1
                                                                                                                                                                            • Opcode Fuzzy Hash: dcd8e5e7be7fba5c6ed74077f4d26089fa141bc83a8a49af5c14202b2dbf624f
                                                                                                                                                                            • Instruction Fuzzy Hash: E821FB32518FC682EB409F24E4401AEB3B4FB88B98F515126EBCD42729EF78D5D4C750
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CtrlMessageParentSend
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1176577205-0
                                                                                                                                                                            • Opcode ID: 0bf5ea1af7750d39e4710ceb2ebc3c1e041e08cb43134f79a39fc19b3cd5844d
                                                                                                                                                                            • Instruction ID: 0e98990147edb3970ed0196f105bc31c89e4f13cfbb12262ce9f029c116fbca5
                                                                                                                                                                            • Opcode Fuzzy Hash: 0bf5ea1af7750d39e4710ceb2ebc3c1e041e08cb43134f79a39fc19b3cd5844d
                                                                                                                                                                            • Instruction Fuzzy Hash: 9111677261AF8192EB408B20E88826973A4FB48BC4F254035EA9D4B724DF3DE891C754
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: f229534ce545993bb71224bd84c3079def877ea15f3beee6ca64fad02a191201
                                                                                                                                                                            • Instruction ID: 07aba16a3dc56668a813e128e45278de1c46c4ed878aa8dfe531b7be72560083
                                                                                                                                                                            • Opcode Fuzzy Hash: f229534ce545993bb71224bd84c3079def877ea15f3beee6ca64fad02a191201
                                                                                                                                                                            • Instruction Fuzzy Hash: 6451BC26B0BB46A2EA65CB16E85013863A1FF84FD4F084135CE5E07BA4DF7CE805C368
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_destroy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2453523683-0
                                                                                                                                                                            • Opcode ID: f885a1d791054fe90273db24759634d3f7693a74f90489486bc4f588d5bc121a
                                                                                                                                                                            • Instruction ID: d936dd04d2138405cd79d857cd3828cdf9f8017f23f8d7532259cfb1998955eb
                                                                                                                                                                            • Opcode Fuzzy Hash: f885a1d791054fe90273db24759634d3f7693a74f90489486bc4f588d5bc121a
                                                                                                                                                                            • Instruction Fuzzy Hash: 8841A736A08F8182EB50EF15E440269F3A4FB44FA0FA59136EA9D17760DF3DE981C760
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3168844106-0
                                                                                                                                                                            • Opcode ID: 110c3ff682093cd4d7651e0c1a8cf561234fdb84ec9ad682da8b0a2eb879c089
                                                                                                                                                                            • Instruction ID: 364578a5839cf99842ec3ef08e0ba2ef8365249969d7028665023921d5cb7b58
                                                                                                                                                                            • Opcode Fuzzy Hash: 110c3ff682093cd4d7651e0c1a8cf561234fdb84ec9ad682da8b0a2eb879c089
                                                                                                                                                                            • Instruction Fuzzy Hash: 4731A232B2968296EB65CB25E54027EB7E0FB857C0F444035DB8D87B98DF2CE550CB18
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentInfoNativeProcessSystem
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3852810090-0
                                                                                                                                                                            • Opcode ID: 14c4494946f75d40a82cf59734a93dc75e7f1990ab80c491653a7bd9b2f293ab
                                                                                                                                                                            • Instruction ID: abd0e657b7418a9e0b84ea2d3f755cb439f9fdf8d89c475f2ffe7470df086b66
                                                                                                                                                                            • Opcode Fuzzy Hash: 14c4494946f75d40a82cf59734a93dc75e7f1990ab80c491653a7bd9b2f293ab
                                                                                                                                                                            • Instruction Fuzzy Hash: E5419132600B8086D350CF25E98065DB7FDFB68B88F55822ADB8947BA8DF78D0A5C350
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: UpdateWindow
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2116364557-0
                                                                                                                                                                            • Opcode ID: c86d99b05ce1654ec701db8511d34a59832acb5111bb8cc54e0c11ed7eb44029
                                                                                                                                                                            • Instruction ID: 4b0f7e4cb7406ee44c9126d63926b4010bdec7fba75f338acdc5bb4e651ec88d
                                                                                                                                                                            • Opcode Fuzzy Hash: c86d99b05ce1654ec701db8511d34a59832acb5111bb8cc54e0c11ed7eb44029
                                                                                                                                                                            • Instruction Fuzzy Hash: AE217136B0AA4196EA14CB55E49027AB770FF88BD4F084235DB9D477A4CF3CE600C714
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF7CEFB02D0: GetLastError.KERNEL32(?,?,?,00007FF7CEFB73CB,?,?,?,00007FF7CEFB0694,?,?,?,00007FF7CEF9FFCF,?,?,00000000,00007FF7CEFB55AF), ref: 00007FF7CEFB02DF
                                                                                                                                                                              • Part of subcall function 00007FF7CEFB02D0: FlsGetValue.KERNEL32(?,?,?,00007FF7CEFB73CB,?,?,?,00007FF7CEFB0694,?,?,?,00007FF7CEF9FFCF,?,?,00000000,00007FF7CEFB55AF), ref: 00007FF7CEFB02F4
                                                                                                                                                                              • Part of subcall function 00007FF7CEFB02D0: SetLastError.KERNEL32(?,?,?,00007FF7CEFB73CB,?,?,?,00007FF7CEFB0694,?,?,?,00007FF7CEF9FFCF,?,?,00000000,00007FF7CEFB55AF), ref: 00007FF7CEFB037F
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF7CEE0BED8), ref: 00007FF7CEFA2B1E
                                                                                                                                                                            • ExitThread.KERNEL32 ref: 00007FF7CEFA2B26
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorLast$ExitThreadValue
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 10640732-0
                                                                                                                                                                            • Opcode ID: bcca149aec0cac72ea884b249850bc3c6127843bfa059a7f7e821730280399ca
                                                                                                                                                                            • Instruction ID: b8639c59abd8c29a9620aa02583d8df1a42e7a974cbc7c2449b2671de5b9932a
                                                                                                                                                                            • Opcode Fuzzy Hash: bcca149aec0cac72ea884b249850bc3c6127843bfa059a7f7e821730280399ca
                                                                                                                                                                            • Instruction Fuzzy Hash: D701D811F4A64682FE897F7094551BCD260AF14B70F846530DD4D6B792EF2CE484C331
                                                                                                                                                                            APIs
                                                                                                                                                                            • QueryUnbiasedInterruptTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7CEDD3281), ref: 00007FF7CEF726DD
                                                                                                                                                                            • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7CEDD3281), ref: 00007FF7CEF726F2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InterruptQuerySystemTimeTimesUnbiased
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3974609374-0
                                                                                                                                                                            • Opcode ID: f9c3a206c6382d1aa1d47deaf89e8e709376e4734b79e1b60508649fd79711a3
                                                                                                                                                                            • Instruction ID: 8dca5f423f265f570e3b963814cc18156f5ffdde18880e1cf2c0cbc7e39636f2
                                                                                                                                                                            • Opcode Fuzzy Hash: f9c3a206c6382d1aa1d47deaf89e8e709376e4734b79e1b60508649fd79711a3
                                                                                                                                                                            • Instruction Fuzzy Hash: 5C11B476618A8586C764DF15F49046AB7A1F7CCB58B40522AFACE83B28DF3CD694CF00
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3168844106-0
                                                                                                                                                                            • Opcode ID: 882a88c8d3e879b82982ac0d199ca3ddd429e327ed0d535db1bbaa6ab581db5e
                                                                                                                                                                            • Instruction ID: 97c74d78d463df34afbf66e32ce9f6f4abc7f3130d1171a52814eb8b0560d6c7
                                                                                                                                                                            • Opcode Fuzzy Hash: 882a88c8d3e879b82982ac0d199ca3ddd429e327ed0d535db1bbaa6ab581db5e
                                                                                                                                                                            • Instruction Fuzzy Hash: 2DF06D32B19B8192EF14DB16F58546E77A0EB89BC0F585034EE9D07B58EF3CD8908B40
                                                                                                                                                                            APIs
                                                                                                                                                                            • InitializeCriticalSection.KERNEL32 ref: 00007FF7CEDD325A
                                                                                                                                                                            • QueryUnbiasedInterruptTime.KERNEL32 ref: 00007FF7CEDD3265
                                                                                                                                                                              • Part of subcall function 00007FF7CEF726C0: QueryUnbiasedInterruptTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7CEDD3281), ref: 00007FF7CEF726DD
                                                                                                                                                                              • Part of subcall function 00007FF7CEF726C0: GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF7CEDD3281), ref: 00007FF7CEF726F2
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: InterruptQueryTimeUnbiased$CriticalInitializeSectionSystemTimes
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2575030287-0
                                                                                                                                                                            • Opcode ID: 28ef30ddcf52d584fc779b9deb8e560bb088c138461754af21a93345401f040e
                                                                                                                                                                            • Instruction ID: 8b2817f765884bbd0f045915862c55d52aaed5ced7480d74fae85a5f0548eec7
                                                                                                                                                                            • Opcode Fuzzy Hash: 28ef30ddcf52d584fc779b9deb8e560bb088c138461754af21a93345401f040e
                                                                                                                                                                            • Instruction Fuzzy Hash: 27011B25D18ACA81FB40EF24E8911FAA360FFA9F54FD25231D58C56222EF6CE1D4C720
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: QueryValue
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3660427363-0
                                                                                                                                                                            • Opcode ID: 9d094c8237740a39a985b724cb6291bb30abf5bfdde8689f8c4f365e02951575
                                                                                                                                                                            • Instruction ID: d619eea6d975bc551b0694772de495f108496d303430358885bdce24284c9281
                                                                                                                                                                            • Opcode Fuzzy Hash: 9d094c8237740a39a985b724cb6291bb30abf5bfdde8689f8c4f365e02951575
                                                                                                                                                                            • Instruction Fuzzy Hash: 6C718E63B14B8499E750DF65E8006ADB7A4FB88BE8F904136DE8C67B58DF38E191C740
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                            • Opcode ID: b6726eebe5970e935abaefb7d137f07d62176c837a0a187dfa538b9dca067bbd
                                                                                                                                                                            • Instruction ID: 9b4f078963bc1467de855086cba68089e9a560af1250cde236dcbee4c68d3684
                                                                                                                                                                            • Opcode Fuzzy Hash: b6726eebe5970e935abaefb7d137f07d62176c837a0a187dfa538b9dca067bbd
                                                                                                                                                                            • Instruction Fuzzy Hash: B0510371E1C6464AF7B4AF15E455376B790AB167B0F818139D9ADA3794CF3CE480CB20
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            • Opcode ID: 036b60b9a5608a972353f55c76257c3c3de1be0ed4c9d243318c1ada5509d892
                                                                                                                                                                            • Instruction ID: 943f2abd44415d61dcdfe4aa64f5fecfb87514002ceffd98aca639b149d165e7
                                                                                                                                                                            • Opcode Fuzzy Hash: 036b60b9a5608a972353f55c76257c3c3de1be0ed4c9d243318c1ada5509d892
                                                                                                                                                                            • Instruction Fuzzy Hash: CA41E362B18A4581EA18EF16E50817DB3A1BB48BF0F984631DEBD57BD5EE3CE451C310
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Timer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2870079774-0
                                                                                                                                                                            • Opcode ID: 3e0f9324c91d0e4cb8b6680f17c638e44b83f65749e50a22631373383cc5cf60
                                                                                                                                                                            • Instruction ID: db84817d14e2be9db36705bd4cf06cbfeb4ac5fde84c0cdbadbdfab204fdb345
                                                                                                                                                                            • Opcode Fuzzy Hash: 3e0f9324c91d0e4cb8b6680f17c638e44b83f65749e50a22631373383cc5cf60
                                                                                                                                                                            • Instruction Fuzzy Hash: 98413BB660BB56A2EE159B16E55027963A0FF88FC4F084035CF4E077A5DF6CE851C368
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3668304517-0
                                                                                                                                                                            • Opcode ID: 1a970ea930c52273f44d1ca795d77ac766d130a85468c4cadbdfcfdb0ed3ac60
                                                                                                                                                                            • Instruction ID: 833fea2647a986c1d93844d9b13aaaaa43acc944615ac19c6f72f075eac8a851
                                                                                                                                                                            • Opcode Fuzzy Hash: 1a970ea930c52273f44d1ca795d77ac766d130a85468c4cadbdfcfdb0ed3ac60
                                                                                                                                                                            • Instruction Fuzzy Hash: 5C11E322E19A4381EE58BF11F495279A2A0FF857A4FD40630EA9D23796DE7CD490C710
                                                                                                                                                                            APIs
                                                                                                                                                                            • DeviceIoControl.KERNEL32 ref: 00007FF7CEF384B3
                                                                                                                                                                              • Part of subcall function 00007FF7CEF377D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF7CEF3846D), ref: 00007FF7CEF377F2
                                                                                                                                                                              • Part of subcall function 00007FF7CEF377D0: CreateFileW.KERNEL32 ref: 00007FF7CEF3786A
                                                                                                                                                                              • Part of subcall function 00007FF7CEF377D0: CreateFileW.KERNEL32 ref: 00007FF7CEF378F4
                                                                                                                                                                              • Part of subcall function 00007FF7CEF377D0: CreateFileW.KERNEL32 ref: 00007FF7CEF37961
                                                                                                                                                                              • Part of subcall function 00007FF7CEF377D0: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7CEF3846D), ref: 00007FF7CEF37972
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateFile$ControlCriticalDeviceEnterHandleModuleSection
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1346707572-0
                                                                                                                                                                            • Opcode ID: a71a14d10741d5f2aaa17c4273bacbbc2e94bbc5bb5be77c6d904aeafcddf90c
                                                                                                                                                                            • Instruction ID: 27201df26b9023b3aab424e5d2f2afc522be3a0756fde784e13484f9fcbea0b1
                                                                                                                                                                            • Opcode Fuzzy Hash: a71a14d10741d5f2aaa17c4273bacbbc2e94bbc5bb5be77c6d904aeafcddf90c
                                                                                                                                                                            • Instruction Fuzzy Hash: 09112876A08A818BEB50EF14F44036AB7A0FB84768F904235E69D46BE4DF7DE444CB20
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                                                            • Opcode ID: 8144beeb6fa609dada92a6fea63e07b8d53458a9455a758f1be5c4666efb7059
                                                                                                                                                                            • Instruction ID: cef3a0557cae04023b343cac482549d7276393a75eeebd0b5f53ffde2b9d64b1
                                                                                                                                                                            • Opcode Fuzzy Hash: 8144beeb6fa609dada92a6fea63e07b8d53458a9455a758f1be5c4666efb7059
                                                                                                                                                                            • Instruction Fuzzy Hash: 5E016132918B8281D710EF20E4900ACB364FBD5B54F858635EA8D133A5EF7CE5D0C320
                                                                                                                                                                            APIs
                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,?,?,00007FF8A83CA4F1,?,?,00000000,00007FF8A83B9A8F,?,?,?,00007FF8A83BEBBF,?,?,?,00007FF8A83BEAB5), ref: 00007FF8A83C0142
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                            • Opcode ID: 3f9253aa019fcbf43e390d724155ba4e7012e79ae796e975e7c913fd655fb92f
                                                                                                                                                                            • Instruction ID: 9bdb108cd1c87216cb53085258534791b23fb60be8654d396f9fb4fe055a004e
                                                                                                                                                                            • Opcode Fuzzy Hash: 3f9253aa019fcbf43e390d724155ba4e7012e79ae796e975e7c913fd655fb92f
                                                                                                                                                                            • Instruction Fuzzy Hash: 95F08295F0FA86A4FE2566B1585427A6290CF447F0F0C4A34DE2E853D1DF5CF4498238
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: __std_exception_destroy
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2453523683-0
                                                                                                                                                                            • Opcode ID: c3fe979e7cd3b96ce53fb02fece19a55337768ccc07c3e23f30270260611c1da
                                                                                                                                                                            • Instruction ID: 17df4242f9f86a6880a4158e897cc7e7d96e1a8747c3cd0b4f6bb2b290a68d0a
                                                                                                                                                                            • Opcode Fuzzy Hash: c3fe979e7cd3b96ce53fb02fece19a55337768ccc07c3e23f30270260611c1da
                                                                                                                                                                            • Instruction Fuzzy Hash: 96F01236A18B8191D710EF11F4400AAB364FB88BE4F919235EACD13765EF3CD194C720
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Startup
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 724789610-0
                                                                                                                                                                            • Opcode ID: 1e288c9155c8e599032719a1e1eaa0fa6b432dbe33f8a6adf7b8321f94e9ea39
                                                                                                                                                                            • Instruction ID: ded03c1e932d7f323b855e6d38f570cc2515d7057c1fbdb9e1ce568ce5e6ab9f
                                                                                                                                                                            • Opcode Fuzzy Hash: 1e288c9155c8e599032719a1e1eaa0fa6b432dbe33f8a6adf7b8321f94e9ea39
                                                                                                                                                                            • Instruction Fuzzy Hash: 61E01275A1998681FBA0BF20E8553F5A360FB88714FC14136C58D66265DF2CD045CB20
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID:
                                                                                                                                                                            • Opcode ID: fc4444a0e3e3346595d44d73f38f1bec04145358c4951a3bdb1abde32390d778
                                                                                                                                                                            • Instruction ID: 46787dcbfca9ec84fa929235d9c9d29ead45ae0e2055dbc0a4e9f7c790719665
                                                                                                                                                                            • Opcode Fuzzy Hash: fc4444a0e3e3346595d44d73f38f1bec04145358c4951a3bdb1abde32390d778
                                                                                                                                                                            • Instruction Fuzzy Hash: 00D09250E1B90B64FD68A27618153B941809F083F8F5C17309A7D847D6BFDCE425813D
                                                                                                                                                                            APIs
                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,?,00007FF7CEFB53A9,?,?,00000000,00007FF7CEFAFDE3,?,?,?,00007FF7CEFAF867,?,?,?,00007FF7CEFAF75D), ref: 00007FF7CEFB087E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3340936679.00007FF7CEDD1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF7CEDD0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff7cedd0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Version$ClassCursorLoadObjectRegisterStock
                                                                                                                                                                            • String ID: (@$-HTMLAYOUT-POPUP$-HTMLAYOUT-TOOL$HTMLAYOUT$HTMLAYOUT-POPUP$HTMLAYOUT-TOOL$P
                                                                                                                                                                            • API String ID: 2620246556-1650735011
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Version$ClassCursorLoadObjectRegisterStock
                                                                                                                                                                            • String ID: (@$-HTMLAYOUT-POPUP-W$-HTMLAYOUT-TOOL-W$HTMLAYOUT-POPUP-W$HTMLAYOUT-TOOL-W$HTMLAYOUT-W$P
                                                                                                                                                                            • API String ID: 2620246556-2858749733
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Rect$Window$MetricsSystem$InflateLong$Offset$ClassClipCombineCreateDeleteExcludeFillIndirectNtdllObjectProc_Release
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1773055101-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Global$Clipboard$AllocByteCharDataLockMultiUnlockWide$CloseOpen
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2505041382-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.3345109434.00007FF8A80F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345441828.00007FF8A83FA000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345520042.00007FF8A84A2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345551556.00007FF8A84A3000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345581900.00007FF8A84A4000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345612080.00007FF8A84A5000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345646510.00007FF8A84A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345685187.00007FF8A84A9000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345723030.00007FF8A84AF000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345757509.00007FF8A84B3000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Window$CreateLongObjectSelect$CompatibleDeleteRectSection
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3118830011-0
                                                                                                                                                                            • Opcode ID: f2d8902a14efe9c1c1baf0cf43620f98adbb1fdc8c57e14fc4e1e13827362596
                                                                                                                                                                            • Instruction ID: 41eda6b6a54290e675a30d0f0f91c2e46b7231b327f195d724ef73c4ec161747
                                                                                                                                                                            • Opcode Fuzzy Hash: f2d8902a14efe9c1c1baf0cf43620f98adbb1fdc8c57e14fc4e1e13827362596
                                                                                                                                                                            • Instruction Fuzzy Hash: B1C19C36A0AB819AEB20CF35E8406AD73A0FB88B88F404136DE4D57B68DF78D545CB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                            • Opcode ID: d50ba2b3d08042b95fb5676ad44282ad009feb2c2db3e1e9b420209ead40d217
                                                                                                                                                                            • Instruction ID: 6bd1ca21354e16ee64b901a62bcbca6b7a97139a69f854b078b2f1bb752c7b6c
                                                                                                                                                                            • Opcode Fuzzy Hash: d50ba2b3d08042b95fb5676ad44282ad009feb2c2db3e1e9b420209ead40d217
                                                                                                                                                                            • Instruction Fuzzy Hash: 0C31B032619F81A6EB60CF24E8442BE73A1FB88798F440135EA8D47B94EF7CD555CB14
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: memcpy_s
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1502251526-3916222277
                                                                                                                                                                            • Opcode ID: 5d054bfc6a733c7670e92203fbee34688794374a43823342ea81524ba96ba134
                                                                                                                                                                            • Instruction ID: 9ba4a44c2ec6bebdd6db4dbc95ff8f4d28c2c761ab11dd4f77fdc6de13cc03ca
                                                                                                                                                                            • Opcode Fuzzy Hash: 5d054bfc6a733c7670e92203fbee34688794374a43823342ea81524ba96ba134
                                                                                                                                                                            • Instruction Fuzzy Hash: CCC1E2B2E1AA869BDB24CF59E058A6EB791F7847C4F08C135DB4A47B44DB3CE804CB14
                                                                                                                                                                            APIs
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AsyncState
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 425341421-0
                                                                                                                                                                            • Opcode ID: ba6fea13b538c326a6dc628808fc8051e656365d52cf1762d95aab9a1968fcbc
                                                                                                                                                                            • Instruction ID: 1a71322cd60533974cb5917478386aa83d3e6c39e31ba50de525699325648924
                                                                                                                                                                            • Opcode Fuzzy Hash: ba6fea13b538c326a6dc628808fc8051e656365d52cf1762d95aab9a1968fcbc
                                                                                                                                                                            • Instruction Fuzzy Hash: 35E06D3AB04F4193FB082B51FC9127965A2FB88381F494438DEAB473A1CFAD98829210
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressProc$Version$LibraryLoad
                                                                                                                                                                            • String ID: A$CloseThemeData$DrawThemeBackground$DrawThemeText$GetThemeBackgroundContentRect$GetThemeInt$GetThemePartSize$IsThemeBackgroundPartiallyTransparent$OpenThemeData$SetWindowTheme$UXTHEME.DLL
                                                                                                                                                                            • API String ID: 29192645-1228588308
                                                                                                                                                                            • Opcode ID: 75c69dca568c91c2c39d089a2145e7b9fffd61a2c421d3e2eb14cb6f2e993663
                                                                                                                                                                            • Instruction ID: 7613e063c97e4fcae882332d15a97a3128220760dc1b0958ff958db1feea538f
                                                                                                                                                                            • Opcode Fuzzy Hash: 75c69dca568c91c2c39d089a2145e7b9fffd61a2c421d3e2eb14cb6f2e993663
                                                                                                                                                                            • Instruction Fuzzy Hash: 8BA13825E0FA43AAFA618F10E8897B533A1FF943C8F441136D54D862A4DF6DE585C738
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Window$CriticalSection$Rect$EnterLeaveLong$ClassClientCursorLoadObjectRegisterStockVersion$AdjustCreateDesktopParentText
                                                                                                                                                                            • String ID: title
                                                                                                                                                                            • API String ID: 2376530372-724990059
                                                                                                                                                                            • Opcode ID: 74695c080d5c9dabdc48a0f99bc9091c70d9cd2aa35611b947072ff467a12ced
                                                                                                                                                                            • Instruction ID: f8c5f215f375b3afb4d85315f2b5f3acf12540ab5845ad0409edeb8ae01e8e36
                                                                                                                                                                            • Opcode Fuzzy Hash: 74695c080d5c9dabdc48a0f99bc9091c70d9cd2aa35611b947072ff467a12ced
                                                                                                                                                                            • Instruction Fuzzy Hash: 20F16A32B0AA02AAEB15DB65E8506AD73B1FB44BC8F044535DE0E57B98EF3CE904C754
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$Select$Delete$ReleaseRestoreStock$AlignRectScrollTextValidate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3282784917-0
                                                                                                                                                                            • Opcode ID: 27f46958cb07384fa85686faee83dbdc6e994c876c5f8e8042b8136120e78aaa
                                                                                                                                                                            • Instruction ID: 24daba359c8217f273cc5e7492202cbc1ff7e4bc57e3c458ca90f7b7a61096f6
                                                                                                                                                                            • Opcode Fuzzy Hash: 27f46958cb07384fa85686faee83dbdc6e994c876c5f8e8042b8136120e78aaa
                                                                                                                                                                            • Instruction Fuzzy Hash: 99325D76A16B819AEB10CF65D8802AD77B1FB88BC8F048135DE4D07B68DF78E944CB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Color$Object$BrushText$CreateDeleteSelect$BitmapPattern
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 800347078-0
                                                                                                                                                                            • Opcode ID: 4193f621a6b04f043c78ebd3a3fc9499ef1d187408a6ffba44af1accb25feb24
                                                                                                                                                                            • Instruction ID: 0350be0a461a64ea243315fbaf004cf0573afd1f6318c606fe2598f0e10cf8eb
                                                                                                                                                                            • Opcode Fuzzy Hash: 4193f621a6b04f043c78ebd3a3fc9499ef1d187408a6ffba44af1accb25feb24
                                                                                                                                                                            • Instruction Fuzzy Hash: F851573670AA9196D701CF22E84892A37A4FB89BD8F168035EE4E47714DF3AE885C744
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ObjectViewport$CompatibleCreateModeSelectWindow$BeginBitmapClientPaintRectStock
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3586948744-0
                                                                                                                                                                            • Opcode ID: e7800f3404ee7cfba3a0227d07f66544f585e4bae452b07fa9e28b53aced8ab6
                                                                                                                                                                            • Instruction ID: b20d3545774accc6cf7e7477fd0097576726ff58ef75fd88cfc29ca9e7506cfe
                                                                                                                                                                            • Opcode Fuzzy Hash: e7800f3404ee7cfba3a0227d07f66544f585e4bae452b07fa9e28b53aced8ab6
                                                                                                                                                                            • Instruction Fuzzy Hash: 3F511A36709E4196EB10DF35E845A6973A0FB88F88F048135CE8D4B728DF79E884CB94
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Window$MessageSendViewport$ClipLayoutLongParentPointsRectRestoreSave
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1374418031-0
                                                                                                                                                                            • Opcode ID: e44635f4067a275b0f6494861802cd1ea4e0d5330f7de745f1955e2869e7770d
                                                                                                                                                                            • Instruction ID: 75b81e6939f38309d0164ba3990bbb50228d937fc8801f38c50c4cb663752b0a
                                                                                                                                                                            • Opcode Fuzzy Hash: e44635f4067a275b0f6494861802cd1ea4e0d5330f7de745f1955e2869e7770d
                                                                                                                                                                            • Instruction Fuzzy Hash: 2431623560DA4197EA20DF25F80466A7761FBC9BC8F088234EE8E07B58DF7DE9058B54
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Cursor$Load
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1675784387-3916222277
                                                                                                                                                                            • Opcode ID: 54e6e24cf99ec81fc7fdc432efb11c995f3f5f992107ba06b05eab6533c5b76a
                                                                                                                                                                            • Instruction ID: dabc85a53db2cf1be479d97c2d3c66d807bdb0c1676d518bbcb40775dc54bd88
                                                                                                                                                                            • Opcode Fuzzy Hash: 54e6e24cf99ec81fc7fdc432efb11c995f3f5f992107ba06b05eab6533c5b76a
                                                                                                                                                                            • Instruction Fuzzy Hash: CAA15F31E0F642AEFF648B10D48427923A2FB947C8F118535C90D466A4EFBCE955D3B8
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
• Associated: 00000007.00000002.3345109434.00007FF8A80F0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345441828.00007FF8A83FA000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345520042.00007FF8A84A2000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345551556.00007FF8A84A3000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345581900.00007FF8A84A4000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345612080.00007FF8A84A5000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345646510.00007FF8A84A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345685187.00007FF8A84A9000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345723030.00007FF8A84AF000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345757509.00007FF8A84B3000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Window$CriticalSection$EnterLeaveLong$ClientCreateDialogRect
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 795340837-0
                                                                                                                                                                            • Opcode ID: f62c34697f63ab5a07ad4f6e70544a778dca9dadd1eb7148c9ab352a60331453
                                                                                                                                                                            • Instruction ID: 6cc3888a4d2703d96052b7650fe4272f776828b391a81e7b2d7721e2bc338e42
                                                                                                                                                                            • Opcode Fuzzy Hash: f62c34697f63ab5a07ad4f6e70544a778dca9dadd1eb7148c9ab352a60331453
                                                                                                                                                                            • Instruction Fuzzy Hash: 2F619F61A0AB4292EB15DF25A85423973B1FF84BC4F194035DA4D4B7A4EF3CEC45CB68
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$CapsDeviceReleaseSelect$EnumFamiliesFontMetricsText
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4007977802-0
                                                                                                                                                                            • Opcode ID: 5f6f0503ee1a1776def36467b6cc99a924c404ca3f9373fa61b7bdceafa82f90
                                                                                                                                                                            • Instruction ID: 27e5f17767211afc7587592f6e50bdf29317e48a6cdf1bfec0947b3c29773a9e
                                                                                                                                                                            • Opcode Fuzzy Hash: 5f6f0503ee1a1776def36467b6cc99a924c404ca3f9373fa61b7bdceafa82f90
                                                                                                                                                                            • Instruction Fuzzy Hash: FE914432A0FB82A6EB11CB21E404679B7A1FB48BD4F094135EA9D47B94EF3CE841C714
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: File$ByteCharCloseHandleMultiViewWide$FlushPointerUnmap
                                                                                                                                                                            • String ID: Could not flush memory to disk.
                                                                                                                                                                            • API String ID: 3763602750-1683962931
                                                                                                                                                                            • Opcode ID: e06719084ca0766f26da0172c99ed779d1e44a3768b58edab8409d9f2cad8007
                                                                                                                                                                            • Instruction ID: 4c78bf08277fb09d145601af23e7a5078a61c3d18667b1106df649eb6e5ac891
                                                                                                                                                                            • Opcode Fuzzy Hash: e06719084ca0766f26da0172c99ed779d1e44a3768b58edab8409d9f2cad8007
                                                                                                                                                                            • Instruction Fuzzy Hash: 77815E22B0AB41A5EB118F61D8502A977B0FF48BE8F084134DE5D67BA5EF7CE845C314
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Window$Create$LongUnicode
                                                                                                                                                                            • String ID: -HTMLAYOUT-TOOL$-HTMLAYOUT-TOOL-W$HTMLAYOUT-TOOL$HTMLAYOUT-TOOL-W$RUNTIME ERROR: unable to create popup window.
                                                                                                                                                                            • API String ID: 3856304439-2965759816
                                                                                                                                                                            • Opcode ID: 56a3baebb4cb9bf7bdad0aac01cf519258cd1e40c9a80a2df1e8a62922839e47
                                                                                                                                                                            • Instruction ID: 9c588ec88a71985818eb835b445d4714dc8b9c1eae833a69d73fb675eac6cb29
                                                                                                                                                                            • Opcode Fuzzy Hash: 56a3baebb4cb9bf7bdad0aac01cf519258cd1e40c9a80a2df1e8a62922839e47
                                                                                                                                                                            • Instruction Fuzzy Hash: C0519232A0AB8296E755CB24E85077977A1FB44BE4F144239EE5D03BA4CF7CE881C718
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$DeleteSelect$PaintViewportWindow
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 644032327-3916222277
                                                                                                                                                                            • Opcode ID: 67f7ad877d61c625103079a693d4569b067ee8d5fab68d02edec5cb1c63683a7
                                                                                                                                                                            • Instruction ID: 93f071ed87487db8340d1940599e36a00e3ce4994f1df43fe60454dd590f93be
                                                                                                                                                                            • Opcode Fuzzy Hash: 67f7ad877d61c625103079a693d4569b067ee8d5fab68d02edec5cb1c63683a7
                                                                                                                                                                            • Instruction Fuzzy Hash: A9216B36715A81D6DB50DF35E490A297760FB88F88F088135DE4D47728CF78E884CB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$Select$AddressCompatibleCreateDeleteLibraryLoadProc
                                                                                                                                                                            • String ID: AlphaBlend$Msimg32.dll
                                                                                                                                                                            • API String ID: 1553575486-1584225664
                                                                                                                                                                            • Opcode ID: fa080bd3f348bdc9768bc887b5b335543963266cd3f123a7aa1efb98c217684d
                                                                                                                                                                            • Instruction ID: 721978ec5cbb46bfd63be4b781d3c4f1ea9dd3767e982a76751c11754f5aa9b1
                                                                                                                                                                            • Opcode Fuzzy Hash: fa080bd3f348bdc9768bc887b5b335543963266cd3f123a7aa1efb98c217684d
                                                                                                                                                                            • Instruction Fuzzy Hash: 89A19F32A1AB919AE710CF29E8446AD77A4FB88BC8F144139DE4D17B64CF3CE845CB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Window$FocusRectShow$LongMoveParent
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4135828658-0
                                                                                                                                                                            • Opcode ID: d6285ab57896242f872157f37c1106130a925a56056fef8751da000a1649a3cd
                                                                                                                                                                            • Instruction ID: ad4004464a2e5db0282c838e7782243d7f629b07944791b284514e41d0919b74
                                                                                                                                                                            • Opcode Fuzzy Hash: d6285ab57896242f872157f37c1106130a925a56056fef8751da000a1649a3cd
                                                                                                                                                                            • Instruction Fuzzy Hash: 2341CD32719A8197E760CB21F984A6EB7A1FB84BC4F108134DA9A07B14EF3DEC45CB14
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$SelectStock$AlignModeText
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 120275662-0
                                                                                                                                                                            • Opcode ID: 6b74b9da204ba8fd895e6ec8865797b612de59ad64470ee792e086b9ec6d16f5
                                                                                                                                                                            • Instruction ID: f3faf7309d493d827f630b9465bc3ef051424f206f95e657128bef12346bd5b9
                                                                                                                                                                            • Opcode Fuzzy Hash: 6b74b9da204ba8fd895e6ec8865797b612de59ad64470ee792e086b9ec6d16f5
                                                                                                                                                                            • Instruction Fuzzy Hash: 3221CD76A0AF4196DB048F21E45462977A1FB88F98F188135CE4D4B368DF7EE884C794
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: File$CloseHandleView$FlushPointerUnmap
                                                                                                                                                                            • String ID: Could not flush memory to disk.
                                                                                                                                                                            • API String ID: 519454899-1683962931
                                                                                                                                                                            • Opcode ID: a59a20a507ae7d696e26f6fdb1f73b74851a39b21b555b9cc5a542ded406c25b
                                                                                                                                                                            • Instruction ID: 93bf3c0ae51e59aff053e67fe891d12edd6e7fd808469b5644b37b8526646fd3
                                                                                                                                                                            • Opcode Fuzzy Hash: a59a20a507ae7d696e26f6fdb1f73b74851a39b21b555b9cc5a542ded406c25b
                                                                                                                                                                            • Instruction Fuzzy Hash: 48213062A0A942A5FB248F30D4643382760FF54F99F184235CE5E4A1DCCFBCD895C7A8
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$Select$Stock$AlignDeleteText$ModeRelease
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3346625119-0
                                                                                                                                                                            • Opcode ID: 58e90602c575e1f6d8888c32036c3b3e232b37e0f3a9c10ed99ddc55e13a2af3
                                                                                                                                                                            • Instruction ID: 0830d4bbf4746c42675e6bf9da7cecd05664d9c41f67ad20c8267dda50d05fe4
                                                                                                                                                                            • Opcode Fuzzy Hash: 58e90602c575e1f6d8888c32036c3b3e232b37e0f3a9c10ed99ddc55e13a2af3
                                                                                                                                                                            • Instruction Fuzzy Hash: 81A1A176A19B819AE700CF65E8402ADB7B1FB88B98F045135EE8D47B68DF7CD845CB40
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$Select$Stock$AlignDeleteText$ModeRelease
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3346625119-0
                                                                                                                                                                            • Opcode ID: 4ccd0a9173114f9239970e019711b96349d5cac11e4528948eb2e45e43f250d1
                                                                                                                                                                            • Instruction ID: 2593bffc789dec3bd4339e81e3855ab815fe51d93d2482f2252a397f6e1f7047
                                                                                                                                                                            • Opcode Fuzzy Hash: 4ccd0a9173114f9239970e019711b96349d5cac11e4528948eb2e45e43f250d1
                                                                                                                                                                            • Instruction Fuzzy Hash: C3817F33A1AB819AE700CF65E84066EB7B1FB88798F104225EE8D57B58DF7CE445CB44
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: FileTemp$CursorFromLoadNamePath
                                                                                                                                                                            • String ID: cur$wb+
                                                                                                                                                                            • API String ID: 2710153881-2052460546
                                                                                                                                                                            • Opcode ID: 04cc80c84db864875c7b023370f33a6e0518fac3f7f97c7bf57aed76f34358cc
                                                                                                                                                                            • Instruction ID: acf821af47475a3281c78c55749a1402fbd5b87cb4c05296186f7ddc22f0fde4
                                                                                                                                                                            • Opcode Fuzzy Hash: 04cc80c84db864875c7b023370f33a6e0518fac3f7f97c7bf57aed76f34358cc
                                                                                                                                                                            • Instruction Fuzzy Hash: E8716F72B0BA42A6EE209B10E5442B963A1FF45BD8F488131DA5D0B7D4DFBCEC15C724
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID:
                                                                                                                                                                            • String ID: DISPLAY
                                                                                                                                                                            • API String ID: 0-865373369
                                                                                                                                                                            • Opcode ID: e89a10e3b25d851e65203a3a7f830cc55991e84142be60b1ee572a5089cddad4
                                                                                                                                                                            • Instruction ID: 1680aa73a0f4e1b98dc8dc4ec396bb4714db4d425e22274ac4b9cc5d04b2336d
                                                                                                                                                                            • Opcode Fuzzy Hash: e89a10e3b25d851e65203a3a7f830cc55991e84142be60b1ee572a5089cddad4
                                                                                                                                                                            • Instruction Fuzzy Hash: D8618033A19A819BE741DF25E8806AD77A1FB84788F048436EE4E57B58DF3CE904CB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: KillTimer$ClickCountCtrlDoubleMessageParentSendTickTime
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4083620262-0
                                                                                                                                                                            • Opcode ID: 9e4e0e83d3e7de2e13254588f9f5a4d96801111bcbeb4be814ffbbbed9fa04b2
                                                                                                                                                                            • Instruction ID: 9ae1e5ff48c6be296697dcb25ad8d5d6740644e9c724a35404730c067e304438
                                                                                                                                                                            • Opcode Fuzzy Hash: 9e4e0e83d3e7de2e13254588f9f5a4d96801111bcbeb4be814ffbbbed9fa04b2
                                                                                                                                                                            • Instruction Fuzzy Hash: A341CE3260AB81A7DA189F25E448269B3A0FB88BD4F044135EA5E0B794CF7CE864CB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$Leave$Value$EnterHookUnhookWindows
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1904704018-0
                                                                                                                                                                            • Opcode ID: a42918b994e04d5e58e57aaafaa0fc39e551de2d39d8394ed08774b79015c5f9
                                                                                                                                                                            • Instruction ID: c80081f30e60b37badb32cce87fb6799fcf9712661bee98c2955ecb1b84025dd
                                                                                                                                                                            • Opcode Fuzzy Hash: a42918b994e04d5e58e57aaafaa0fc39e551de2d39d8394ed08774b79015c5f9
                                                                                                                                                                            • Instruction Fuzzy Hash: 3D316026B0AA06A3EE059B25D95417863A1FF45FD9F098031CD0E077A1CF7DEC56C218
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateObjectSelect$CompatibleDeleteSection
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1921846281-3916222277
                                                                                                                                                                            • Opcode ID: 2cc848c76c38cfa63847058d6e391336b4ecb31067088132384027aee3343cd3
                                                                                                                                                                            • Instruction ID: 23c87e7d07ec95adcf1ae593c8fffeb3eb711cef154ae837f071433aa8b4f182
                                                                                                                                                                            • Opcode Fuzzy Hash: 2cc848c76c38cfa63847058d6e391336b4ecb31067088132384027aee3343cd3
                                                                                                                                                                            • Instruction Fuzzy Hash: 00219F32619B909AD714CF69E448A6D77A4F789FD4F028035DE4D43B14EF39D845CB44
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$DeleteSelectStock$Restore
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1965476268-0
                                                                                                                                                                            • Opcode ID: c7112bbd8ad19d664cd3d4ce59dd28258f2cc1bd6aed3929f198b13fe1b86dbc
                                                                                                                                                                            • Instruction ID: ba4752a7ad5620c2b4a68b81bbe30283e4df38f8071dfe70a6a317a9e3f5a790
                                                                                                                                                                            • Opcode Fuzzy Hash: c7112bbd8ad19d664cd3d4ce59dd28258f2cc1bd6aed3929f198b13fe1b86dbc
                                                                                                                                                                            • Instruction Fuzzy Hash: 35212125B0AA4292EF159F11E48467D63A1EF88FC5F084039DE4E0B359DF3DE895C794
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$Select$Delete$AlignReleaseText
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2724912489-0
                                                                                                                                                                            • Opcode ID: ce7877d45820e50833c6ac42c57d90047f6bf82d145e7fc81f96e98d8d0d7241
                                                                                                                                                                            • Instruction ID: 7772fe645237d33b0c3739e8fad5243da3d7243fa80cf815ddbfda358e293c43
                                                                                                                                                                            • Opcode Fuzzy Hash: ce7877d45820e50833c6ac42c57d90047f6bf82d145e7fc81f96e98d8d0d7241
                                                                                                                                                                            • Instruction Fuzzy Hash: 1B21E976A06B4292DB549F25E49472963A0FB48F88F088035DE4E4B368DF7DE885C7A4
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ClipboardFormatRegister
                                                                                                                                                                            • String ID: English$HTMLayoutTransferFocus$HTMLayoutWhois$lf'
                                                                                                                                                                            • API String ID: 1228543026-3013438658
                                                                                                                                                                            • Opcode ID: babbb48c047d623e1600ab29f5d925753b8cf4cf030b367df3eafaa86ec292f3
                                                                                                                                                                            • Instruction ID: 06a5d47aaee73d23170bf1ccbcd9b23546464adf0a0bffdad9555139d97d276d
                                                                                                                                                                            • Opcode Fuzzy Hash: babbb48c047d623e1600ab29f5d925753b8cf4cf030b367df3eafaa86ec292f3
                                                                                                                                                                            • Instruction Fuzzy Hash: FD111E65E0BB83E4FA569B60E8642B43790EF41BC0F449136C60E97692DF6DA445C32C
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$Select$CreateDeleteFont
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1981917228-0
                                                                                                                                                                            • Opcode ID: 6c73325ca5b4aee250ca5d1c211a6d48387dcc906cefe43a6110ed8d2596a180
                                                                                                                                                                            • Instruction ID: 55edc06ee3f2d5ed1f8791ea60e9ef4797dbba7747122f2744aed9ba2a0b4b0c
                                                                                                                                                                            • Opcode Fuzzy Hash: 6c73325ca5b4aee250ca5d1c211a6d48387dcc906cefe43a6110ed8d2596a180
                                                                                                                                                                            • Instruction Fuzzy Hash: 1B8167B2A09A81DADB20CF25D04066D7BA1FB89FC8F154235DE4D47759CF39E850CB94
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeaveLongWindow
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1534508445-0
                                                                                                                                                                            • Opcode ID: 2654eb159ceaac5b5061cfe5a3b008dea47fcf9bf1efe6aa63d229ff81b0b155
                                                                                                                                                                            • Instruction ID: 339c79d306f9376700c1bd0bb72be60159639bd081bf2a61762c569c4c9318e9
                                                                                                                                                                            • Opcode Fuzzy Hash: 2654eb159ceaac5b5061cfe5a3b008dea47fcf9bf1efe6aa63d229ff81b0b155
                                                                                                                                                                            • Instruction Fuzzy Hash: C1513732B06B81A7DA0ACB35EA842A9B7A8FF44B84F444135CB5D17761DF38A536D318
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Window$Concurrency::cancel_current_taskDestroyParentUpdate
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2364769541-0
                                                                                                                                                                            • Opcode ID: 84006ea7a46b469e9a9fc6f157db765d622cb77304bb2bfb2e72d4aaa374a56a
                                                                                                                                                                            • Instruction ID: 1ecb805a710a0a4e743cc1bfa20092b7dee60f185aa091d6b08076d615fb8366
                                                                                                                                                                            • Opcode Fuzzy Hash: 84006ea7a46b469e9a9fc6f157db765d622cb77304bb2bfb2e72d4aaa374a56a
                                                                                                                                                                            • Instruction Fuzzy Hash: 9341553260AF86A6EB149F15E89062873A8FF88FC4F194031DA8E47724EF7DD805C724
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            • Associated: 00000007.00000002.3345109434.00007FF8A80F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345441828.00007FF8A83FA000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345520042.00007FF8A84A2000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345551556.00007FF8A84A3000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345581900.00007FF8A84A4000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345612080.00007FF8A84A5000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345646510.00007FF8A84A6000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345685187.00007FF8A84A9000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345723030.00007FF8A84AF000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                            • Associated: 00000007.00000002.3345757509.00007FF8A84B3000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Timer$ClickClientCriticalDoubleLeaveLongScreenSectionTimeWindow
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3215539043-0
                                                                                                                                                                            • Opcode ID: 73618138e51436ca7ae3cbcba2d907d386295a873e6ebe18a6ffc502ab9ade28
                                                                                                                                                                            • Instruction ID: 445e73cd6f4ce1e1105fb8b31b8d676bdbd4df7be1ba67485d14209c122f3a88
                                                                                                                                                                            • Opcode Fuzzy Hash: 73618138e51436ca7ae3cbcba2d907d386295a873e6ebe18a6ffc502ab9ade28
                                                                                                                                                                            • Instruction Fuzzy Hash: C0418E32705A819BDB58CF24D9946AA77A4FB48B88F058136DF0D437A4CF78E865C714
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AsyncState$KillTimer$ClickClientCountCriticalDoubleLeaveScreenSectionTickTime
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2332058121-0
                                                                                                                                                                            • Opcode ID: 084f349b1b189a55a74834c4cf293ee88d365f6df142d3a0e21a9ad35a89320c
                                                                                                                                                                            • Instruction ID: da052ee09a40bc72806979bab4f2d69cc83eebf75694cac34714ac3b7cfa9159
                                                                                                                                                                            • Opcode Fuzzy Hash: 084f349b1b189a55a74834c4cf293ee88d365f6df142d3a0e21a9ad35a89320c
                                                                                                                                                                            • Instruction Fuzzy Hash: A9319E36706A41A7DB19DB25D9542BD73A0FB48BD8F004132CA1E477A4CF7DE865C714
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AsyncState$ClickDoubleTime$ClientCountCriticalLeaveScreenSectionTickTimer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1680461691-0
                                                                                                                                                                            • Opcode ID: 5898837dbd1c530e901a56689a693911186bb106a95ddecfe80104208d7871cd
                                                                                                                                                                            • Instruction ID: 738dd2c95fae0ec97d22ee6e240f3f0af349a6e29461d4e273b1d27c8635acc1
                                                                                                                                                                            • Opcode Fuzzy Hash: 5898837dbd1c530e901a56689a693911186bb106a95ddecfe80104208d7871cd
                                                                                                                                                                            • Instruction Fuzzy Hash: B4317C32B06A81A7DB19DF25E9546A873A0FB48BC8F058036CA0D47760CF79E826C718
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Viewport$ClipIntersectModeRectWindow
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 694020364-0
                                                                                                                                                                            • Opcode ID: 11e84b0f90f8018a7d5956ee321d52f42eb87c0f7e65f51faba8dfa75eb97e10
                                                                                                                                                                            • Instruction ID: d443253e7e8babd45f18300be1f4591e9065cc993d2466d2ee5d403a8d6e7ad4
                                                                                                                                                                            • Opcode Fuzzy Hash: 11e84b0f90f8018a7d5956ee321d52f42eb87c0f7e65f51faba8dfa75eb97e10
                                                                                                                                                                            • Instruction Fuzzy Hash: E4210A76704A849BD314CF16EA40A1AB7A0FB89BC4F14C125DF8547B28CF3DF8658B40
                                                                                                                                                                            APIs
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9C95
                                                                                                                                                                            • RtlLeaveCriticalSection.NTDLL ref: 00007FF8A81A9CD6
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9CE8
                                                                                                                                                                            • RtlLeaveCriticalSection.NTDLL ref: 00007FF8A81A9D1C
                                                                                                                                                                            • SetEvent.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9D34
                                                                                                                                                                            • Sleep.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9D3F
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$EventSleep
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2153927836-0
                                                                                                                                                                            • Opcode ID: 14a5285f25157143b16b5cbfab45d6ae2c043b77e3b06e13389ec8df90a851ce
                                                                                                                                                                            • Instruction ID: 01e98fe4b34e747914e43a1b84376b5c9c8c05de09c5bf2fc20d384346744c37
                                                                                                                                                                            • Opcode Fuzzy Hash: 14a5285f25157143b16b5cbfab45d6ae2c043b77e3b06e13389ec8df90a851ce
                                                                                                                                                                            • Instruction Fuzzy Hash: DF21D33660AB42A6EB158F26E54026AB7B0FB84BC4F484031CB9E47B64DF7DE885C754
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
• Associated: 00000007.00000002.3345109434.00007FF8A80F0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345441828.00007FF8A83FA000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345520042.00007FF8A84A2000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345551556.00007FF8A84A3000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345581900.00007FF8A84A4000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345612080.00007FF8A84A5000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345646510.00007FF8A84A6000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345685187.00007FF8A84A9000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345723030.00007FF8A84AF000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3345757509.00007FF8A84B3000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ClickDoubleFocusTime$CountTickTimer
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4271707189-0
                                                                                                                                                                            • Opcode ID: c19cbb4b9da62d9f153ee1cdb27c6d7f83590c80cb4fea88dc43f10c8e5efc51
                                                                                                                                                                            • Instruction ID: 9c3c4c8c94024a0b9ddbc6605b52533dbd7d97183c1caf2741b847a9dd4dc878
                                                                                                                                                                            • Opcode Fuzzy Hash: c19cbb4b9da62d9f153ee1cdb27c6d7f83590c80cb4fea88dc43f10c8e5efc51
                                                                                                                                                                            • Instruction Fuzzy Hash: D521BD32A09B81A7DB08CF25E54866DB7A0FB88B84F088135DB8D47714CF7CE824CB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Clipboard$CloseEmptyFormatOpenRegister
                                                                                                                                                                            • String ID: HTML Format
                                                                                                                                                                            • API String ID: 2398088879-1098232656
                                                                                                                                                                            • Opcode ID: ce927c0543dde8b722540e270525681260c9a0d05d59d3d81afd01d5a694ebe7
                                                                                                                                                                            • Instruction ID: a6b4dfe91b9e693a41307fdfde9bf3f9b7957ae08a1e0d1a0eff76cc543fb976
                                                                                                                                                                            • Opcode Fuzzy Hash: ce927c0543dde8b722540e270525681260c9a0d05d59d3d81afd01d5a694ebe7
                                                                                                                                                                            • Instruction Fuzzy Hash: 4341BD36A16F15A9EB048FA5E8901BC33B4FB48B88F084536DE5D57B68DF78D860C364
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                            • String ID: ImmReleaseContext$imm32.dll
                                                                                                                                                                            • API String ID: 145871493-791212443
                                                                                                                                                                            • Opcode ID: 62e899504c771822283223a634c772ed98b9d5ec0be683d09e194f1bd6caa004
                                                                                                                                                                            • Instruction ID: aac3fe40bfaff094e87b562552d3a09cb0754eba0c81bcba48db58aa26c0051e
                                                                                                                                                                            • Opcode Fuzzy Hash: 62e899504c771822283223a634c772ed98b9d5ec0be683d09e194f1bd6caa004
                                                                                                                                                                            • Instruction Fuzzy Hash: 5F012820F0BF03B4EE65DB50A88017122A0FF587C5F840135C44E467A1EFBDA6A5C36C
                                                                                                                                                                            APIs
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8A80F9D69), ref: 00007FF8A80FDBEB
                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8A80F9D69), ref: 00007FF8A80FDC44
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                            • String ID: image/gif$image/jpeg$image/png
                                                                                                                                                                            • API String ID: 626452242-935766689
                                                                                                                                                                            • Opcode ID: db72edc6755a3be58988d54a51b5f2a2286855cecb1c0d053cc582bfec40f4e6
                                                                                                                                                                            • Instruction ID: 81e4ef54b754177a51b12b34ee6bcabc300c82839c1d16f1ae2b3e62d35353ca
                                                                                                                                                                            • Opcode Fuzzy Hash: db72edc6755a3be58988d54a51b5f2a2286855cecb1c0d053cc582bfec40f4e6
                                                                                                                                                                            • Instruction Fuzzy Hash: 43916A72A0AB42A6EF548F15E8402796BA0FB48BC4F188131DE4D477A4CFBCEC51C358
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalInitializeSection
                                                                                                                                                                            • String ID: Verdana$screen,desktop
                                                                                                                                                                            • API String ID: 32694325-708148380
                                                                                                                                                                            • Opcode ID: a5c1ba29055d51837a2bdada9a9763f987b5de1573d7d04fc8cd8664b2fc05d3
                                                                                                                                                                            • Instruction ID: e4898c36f38e5d4e9d924ee4242d7885a73cff8d5947773eb61f83d1336db6eb
                                                                                                                                                                            • Opcode Fuzzy Hash: a5c1ba29055d51837a2bdada9a9763f987b5de1573d7d04fc8cd8664b2fc05d3
                                                                                                                                                                            • Instruction Fuzzy Hash: 23B12D32606B81EAE749CF25E9843A8B7A4F744B88F584129CB6D03360DF78F5B5C758
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$CriticalSection$Select$EnterLeave$CompatibleCreateDeleteStock
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1060921341-0
                                                                                                                                                                            • Opcode ID: 4eb4a50a35d338c7aee3a90604c28e54e49379171f43b69627f5d4d089ebebc6
                                                                                                                                                                            • Instruction ID: 7c5ef248e40de910ac6f89299089ddbbc0818fe413b4dae07764802d7633a21b
                                                                                                                                                                            • Opcode Fuzzy Hash: 4eb4a50a35d338c7aee3a90604c28e54e49379171f43b69627f5d4d089ebebc6
                                                                                                                                                                            • Instruction Fuzzy Hash: E2715D3261AA81A5EB20DF25E8502ED7360FF84788F444036DA4E47BA5DFBCD909CB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CreateFont$CapsDevice
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3852243758-0
                                                                                                                                                                            • Opcode ID: bb4856484b2339fa3692480b4c229ee98e8bed653289ded463193dccc1b363ec
                                                                                                                                                                            • Instruction ID: 1133fd36cf7f3d97910fe9bbb49d21bcd829e876a8323fd7b5d4228c660532dd
                                                                                                                                                                            • Opcode Fuzzy Hash: bb4856484b2339fa3692480b4c229ee98e8bed653289ded463193dccc1b363ec
                                                                                                                                                                            • Instruction Fuzzy Hash: 0D516972A196C18BE3608F15E84176ABBA0FBD57C4F145229EA8903B64DF7CD4A0CF14
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Window$CtrlDestroyMessageParentSend
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2943902463-0
                                                                                                                                                                            • Opcode ID: 34ee0642b3d6b810d2c4174601a9f1983ab3aaefe840b9835bc868b432316253
                                                                                                                                                                            • Instruction ID: bf383670da0aef9eeb2153c091910ce3535db4adce57013f961c46209059f06e
                                                                                                                                                                            • Opcode Fuzzy Hash: 34ee0642b3d6b810d2c4174601a9f1983ab3aaefe840b9835bc868b432316253
                                                                                                                                                                            • Instruction Fuzzy Hash: C4318D3260AF8596EA148F12E84416AB3B4FB88BC4F184035DA8E0B764DF7CE884C714
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                            • Opcode ID: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                            • Instruction ID: 4b929a03364370cc412ddfd59d89c7f9416c2d2d192c00f951bbcae487ab9d6a
                                                                                                                                                                            • Opcode Fuzzy Hash: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                            • Instruction Fuzzy Hash: 991158A2E1AE0335F6D51528F4453773143EF983F0E0C0A34E76E0A6D68F9CAA694128
                                                                                                                                                                            APIs
                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF8A83B8E33,?,?,00000000,00007FF8A83B90CE,?,?,?,?,?,00007FF8A83B905A), ref: 00007FF8A83C09D3
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF8A83B8E33,?,?,00000000,00007FF8A83B90CE,?,?,?,?,?,00007FF8A83B905A), ref: 00007FF8A83C09F2
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF8A83B8E33,?,?,00000000,00007FF8A83B90CE,?,?,?,?,?,00007FF8A83B905A), ref: 00007FF8A83C0A1A
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF8A83B8E33,?,?,00000000,00007FF8A83B90CE,?,?,?,?,?,00007FF8A83B905A), ref: 00007FF8A83C0A2B
                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF8A83B8E33,?,?,00000000,00007FF8A83B90CE,?,?,?,?,?,00007FF8A83B905A), ref: 00007FF8A83C0A3C
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Value
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                            • Opcode ID: e62a96ce5c66054e468777da1a202b7dd322e774ef89683629494ed3298c4153
                                                                                                                                                                            • Instruction ID: b0536f818575817918c23b723d1265231bd7a0cd2d8d6355e0ba78b1e932fcae
                                                                                                                                                                            • Opcode Fuzzy Hash: e62a96ce5c66054e468777da1a202b7dd322e774ef89683629494ed3298c4153
                                                                                                                                                                            • Instruction Fuzzy Hash: 6A11BEA0F0BA9261FA986761656117B7142DF443F0F0C9734EA3D077D6DF2CF8898229
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF8A839B12B
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                            • API String ID: 389471666-631824599
                                                                                                                                                                            • Opcode ID: d12ff28a3469bab72b1819598fef0ca8bb1b28cd9bfef35567a6c50d969248a4
                                                                                                                                                                            • Instruction ID: 4c1eac5eed6159d4ad293bcdcb439471d8f24c6182c52844ee308f99506caf91
                                                                                                                                                                            • Opcode Fuzzy Hash: d12ff28a3469bab72b1819598fef0ca8bb1b28cd9bfef35567a6c50d969248a4
                                                                                                                                                                            • Instruction Fuzzy Hash: A3118C32A1AF92B6E7049B22DA543B933A0FF04384F444535C64D87A50EF7CE4B4C728
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3936042273-0
                                                                                                                                                                            • Opcode ID: f4a88ab0ba66270a3e40166517e891bf6a7b9e251a01f98305efdc0af75f1a26
                                                                                                                                                                            • Instruction ID: 3c09f9be6c60ab954336804530828951406b958f5e2b1fe7d5f9147e4bb19772
                                                                                                                                                                            • Opcode Fuzzy Hash: f4a88ab0ba66270a3e40166517e891bf6a7b9e251a01f98305efdc0af75f1a26
                                                                                                                                                                            • Instruction Fuzzy Hash: DFB11372B0AA81A6DA11DF26E5042BD6751FB04BE4F884632DF6D07B89EF7CD491C318
                                                                                                                                                                            APIs
                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FF8A83C1CE8), ref: 00007FF8A83C1E6B
                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FF8A83C1CE8), ref: 00007FF8A83C1EF5
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                            • Opcode ID: 525c6090929db2b4d4d2276457ba9b185110b05c3e7155ea4d5178194210c406
                                                                                                                                                                            • Instruction ID: 3e336f33760a622ffef520e767ff96a0bd95a57554479a23ff84cda66eaf7597
                                                                                                                                                                            • Opcode Fuzzy Hash: 525c6090929db2b4d4d2276457ba9b185110b05c3e7155ea4d5178194210c406
                                                                                                                                                                            • Instruction Fuzzy Hash: 549102A2E1AE52A9F760CB6584446BE3BA0FB447C8F484136DF4E57694CF3CD849D328
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2801635615-0
                                                                                                                                                                            • Opcode ID: 7ce7ea57ec7f45ea88e4b2ef60821b6d780440ea6ce05309ecc210499ba82453
                                                                                                                                                                            • Instruction ID: 55d3ad58c583eac0b0844949af3df01125b5e19a6c481025c3e9a3ac71d9586a
                                                                                                                                                                            • Opcode Fuzzy Hash: 7ce7ea57ec7f45ea88e4b2ef60821b6d780440ea6ce05309ecc210499ba82453
                                                                                                                                                                            • Instruction Fuzzy Hash: E131CCB6B0AB04A7EB65CB15E94456877A0FB44BD0F444035CF4E437A0EF79E8A6C720
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: File$View$CloseCreateHandle$FlushMappingPointerSizeUnmap
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3155271917-0
                                                                                                                                                                            • Opcode ID: ecbef2459043b525bd7a320c3b1a5a764f1805ce84f071d7d5051efa6ab7ea54
                                                                                                                                                                            • Instruction ID: 05707958ef5994b07fffc12dae66acdaecc51a04088458d37bafa02d0838cb7e
                                                                                                                                                                            • Opcode Fuzzy Hash: ecbef2459043b525bd7a320c3b1a5a764f1805ce84f071d7d5051efa6ab7ea54
                                                                                                                                                                            • Instruction Fuzzy Hash: 3331B076A16B4186F724CF25E4547783BA0E784BA8F288234CE9D07798CF7CD856CB54
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF8A8171E70: GetStockObject.GDI32(?,?,?,00007FF8A8173A01,?,?,?,?,?,?,00000000,00007FF8A812F5ED), ref: 00007FF8A8171EA5
                                                                                                                                                                              • Part of subcall function 00007FF8A8171E70: SelectObject.GDI32 ref: 00007FF8A8171EB2
                                                                                                                                                                              • Part of subcall function 00007FF8A8171E70: DeleteObject.GDI32 ref: 00007FF8A8171EC0
                                                                                                                                                                              • Part of subcall function 00007FF8A8171E70: GetStockObject.GDI32(?,?,?,00007FF8A8173A01,?,?,?,?,?,?,00000000,00007FF8A812F5ED), ref: 00007FF8A8171ECB
                                                                                                                                                                              • Part of subcall function 00007FF8A8171E70: SelectObject.GDI32 ref: 00007FF8A8171ED8
                                                                                                                                                                              • Part of subcall function 00007FF8A8171E70: DeleteObject.GDI32 ref: 00007FF8A8171EE6
                                                                                                                                                                              • Part of subcall function 00007FF8A8171E70: RestoreDC.GDI32 ref: 00007FF8A8171F17
                                                                                                                                                                            • SelectObject.GDI32 ref: 00007FF8A8173A6E
                                                                                                                                                                            • GetStockObject.GDI32(?,?,?,?,?,?,00000000,00007FF8A812F5ED), ref: 00007FF8A8173A79
                                                                                                                                                                            • SelectObject.GDI32 ref: 00007FF8A8173A85
                                                                                                                                                                            • DeleteDC.GDI32 ref: 00007FF8A8173A8E
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Object$Select$DeleteStock$Restore
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 1104070528-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 3473537107-0
                                                                                                                                                                            APIs
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9C95
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: RtlLeaveCriticalSection.NTDLL ref: 00007FF8A81A9CD6
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9CE8
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: RtlLeaveCriticalSection.NTDLL ref: 00007FF8A81A9D1C
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: SetEvent.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9D34
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: Sleep.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9D3F
                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00007FF8A81A9E47,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9D9A
                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00007FF8A81A9E47,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9DAA
                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,00007FF8A81A9E47,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9DB4
                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,00007FF8A81A9E47,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9DBE
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$CloseDeleteEnterHandleLeave$EventSleep
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 466394505-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CapsDeviceRelease
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 127614599-0
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CapsDeviceRelease
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 127614599-0
                                                                                                                                                                            • Opcode ID: 1625ff2e856f10e3215f3475f18c0cda9def00bc986b4b7b17f96f3e245c4f11
                                                                                                                                                                            • Instruction ID: a98950353927f6d0ecc671ed4b49e5e08a2509052356a21fea0e6dbfb327aba9
                                                                                                                                                                            • Opcode Fuzzy Hash: 1625ff2e856f10e3215f3475f18c0cda9def00bc986b4b7b17f96f3e245c4f11
                                                                                                                                                                            • Instruction Fuzzy Hash: BF011D31F0AA12A7E7148B11F45453B23A2EB897D4F198139CA4E4B764EF7EE8818758
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CapsDeviceRelease
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 127614599-0
                                                                                                                                                                            • Opcode ID: 1f91f3bd0f353a1964deae5785e75f5a6129917df4bd84ec7513cf566acd5e33
                                                                                                                                                                            • Instruction ID: da1af5be64ab91c287f67678f411e36435796c051fd894f645fa2e3b87c74593
                                                                                                                                                                            • Opcode Fuzzy Hash: 1f91f3bd0f353a1964deae5785e75f5a6129917df4bd84ec7513cf566acd5e33
                                                                                                                                                                            • Instruction Fuzzy Hash: CD013131F0AA12A7E7048B11F45452723A2EB897D4F198139CA4D4B764EF3EEC818758
                                                                                                                                                                            APIs
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AllocCurrentHookThreadValueWindows
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 4130353779-0
                                                                                                                                                                            • Opcode ID: 8cffb43212bdcbbbabfa8f7cc5e6ddd963a4ba2e1819bb472e2b2118154e8187
                                                                                                                                                                            • Instruction ID: cf7e0d9e15569d097d71c49fae569f30cd32d41901dda359281190e729a53412
                                                                                                                                                                            • Opcode Fuzzy Hash: 8cffb43212bdcbbbabfa8f7cc5e6ddd963a4ba2e1819bb472e2b2118154e8187
                                                                                                                                                                            • Instruction Fuzzy Hash: 44F04F30F0F902B6FA445B2498949342390EF18BE4F485638C42D4A2E0DFBE7C55DA68
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ExclusiveLock$AcquireCriticalSection$EnterLeaveRelease
                                                                                                                                                                            • String ID: htmlarea
                                                                                                                                                                            • API String ID: 581408045-1618212067
                                                                                                                                                                            • Opcode ID: b7b2d5f27f9c1c0a7e59af0f43d2853a9631e992bbf2153ac42b309a7c49ba37
                                                                                                                                                                            • Instruction ID: 7b10cae6c468d132425d4f88f2ba4502e4cf1de2dd462932b742c982c900bd81
                                                                                                                                                                            • Opcode Fuzzy Hash: b7b2d5f27f9c1c0a7e59af0f43d2853a9631e992bbf2153ac42b309a7c49ba37
                                                                                                                                                                            • Instruction Fuzzy Hash: 96619A72B0BA52A5FE14CB15D8842782362FF84BC5F498532DA0E473A5DFBCE851C368
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                            • String ID: file
                                                                                                                                                                            • API String ID: 3168844106-2359244304
                                                                                                                                                                            • Opcode ID: 491c6ed622f850bc0122c741894cbf3e44012bf14944f55a729b74546bd95379
                                                                                                                                                                            • Instruction ID: 034c4de9b440f67b1aeb17ae417366793fde7b7ec9488a9cb88880da3b99be48
                                                                                                                                                                            • Opcode Fuzzy Hash: 491c6ed622f850bc0122c741894cbf3e44012bf14944f55a729b74546bd95379
                                                                                                                                                                            • Instruction Fuzzy Hash: B2719F32B0AA42A9EB61CB60E4402FD33B5EB447D8F804535DF5D17A89EF38D856C368
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                            • String ID: htmlarea
                                                                                                                                                                            • API String ID: 3168844106-1618212067
                                                                                                                                                                            • Opcode ID: 5df70c3d2faf6a5e22c488f30e633acdef284722aa05c7714050f83cef8c8094
                                                                                                                                                                            • Instruction ID: fbbbfc4472d96cfaab7f82a7a0c38a080c6a5b7d7636de7e709dea1be67d058a
                                                                                                                                                                            • Opcode Fuzzy Hash: 5df70c3d2faf6a5e22c488f30e633acdef284722aa05c7714050f83cef8c8094
                                                                                                                                                                            • Instruction Fuzzy Hash: 35415CA2B0AA4191EE14CB19D59427867A1FF44FC5F098432CE0E473A4DF7DED55C3A8
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                            • String ID: U
                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                            • Opcode ID: f2fbe524a5f007a0204124b2a62afc029b72785a55749f0e9f80bc10fb2fb7b0
                                                                                                                                                                            • Instruction ID: 2d8104203e05c0cf24d7ea816b84c4833212a7a3965ac3547e45a1381a5fc681
                                                                                                                                                                            • Opcode Fuzzy Hash: f2fbe524a5f007a0204124b2a62afc029b72785a55749f0e9f80bc10fb2fb7b0
                                                                                                                                                                            • Instruction Fuzzy Hash: 7641B262B1AA41A6EB20DF25E4443AA77A5FB887C4F444031EF8D87798EF3CD805DB54
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: Stretch$BitsMode
                                                                                                                                                                            • String ID:
                                                                                                                                                                            • API String ID: 661349847-3916222277
                                                                                                                                                                            • Opcode ID: 6f7d81da5fe5bed401d5625eaa5be3eb2ef35119b6fa737cee29217cd1b4ec74
                                                                                                                                                                            • Instruction ID: 036778440e27a6aabe4575330f26f567907d141ef4b541027ce52e181d4a11aa
                                                                                                                                                                            • Opcode Fuzzy Hash: 6f7d81da5fe5bed401d5625eaa5be3eb2ef35119b6fa737cee29217cd1b4ec74
                                                                                                                                                                            • Instruction Fuzzy Hash: A9315C33615A808AD715CF26E484B19B7A4F748BD4F258125EF8943B24DF38D845CB00
                                                                                                                                                                            APIs
                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FF8A80FE203), ref: 00007FF8A8196DCF
                                                                                                                                                                            • RtlLeaveCriticalSection.NTDLL ref: 00007FF8A8196E05
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9C95
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: RtlLeaveCriticalSection.NTDLL ref: 00007FF8A81A9CD6
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9CE8
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: RtlLeaveCriticalSection.NTDLL ref: 00007FF8A81A9D1C
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: SetEvent.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9D34
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9C70: Sleep.KERNEL32(?,?,?,?,?,00007FF8A81A9E39,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9D3F
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9D60: CloseHandle.KERNEL32(?,?,?,00007FF8A81A9E47,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9D9A
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9D60: CloseHandle.KERNEL32(?,?,?,00007FF8A81A9E47,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9DAA
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9D60: DeleteCriticalSection.KERNEL32(?,?,?,00007FF8A81A9E47,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9DB4
                                                                                                                                                                              • Part of subcall function 00007FF8A81A9D60: DeleteCriticalSection.KERNEL32(?,?,?,00007FF8A81A9E47,?,?,?,?,?,00007FF8A81965A0), ref: 00007FF8A81A9DBE
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$CloseDeleteHandle$EventSleep
                                                                                                                                                                            • String ID: resource://blank
                                                                                                                                                                            • API String ID: 1336082208-1841388455
                                                                                                                                                                            • Opcode ID: 496ea26c38ac7dffedc20fdd9db8533b93978701569a9210156b1ef018fd79b6
                                                                                                                                                                            • Instruction ID: 7fe3ed788643bd5a60834a6e391bd037e6b0f59b8d2a163421092567d773cd1c
                                                                                                                                                                            • Opcode Fuzzy Hash: 496ea26c38ac7dffedc20fdd9db8533b93978701569a9210156b1ef018fd79b6
                                                                                                                                                                            • Instruction Fuzzy Hash: 8231503261AF46A2EE40CF25E45066A73A0FB85BD4F445132EB9D07B64CF7CE454C764
                                                                                                                                                                            APIs
                                                                                                                                                                            Strings
                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                            • Source File: 00000007.00000002.3345174537.00007FF8A80F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A80F0000, based on PE: true
                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                            • Snapshot File: hcaresult_7_2_7ff8a80f0000_instup.jbxd
                                                                                                                                                                            Similarity
                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                            • String ID: GetLayeredWindowAttributes
                                                                                                                                                                            • API String ID: 3013587201-2043642294
                                                                                                                                                                            • Opcode ID: 2966f7bb24ed739cf85d63b74027fda29d31e4d700a04d0e254b4feb7d39b588
                                                                                                                                                                            • Instruction ID: 1cb5538c1f298d1cd53e9f6f4b0579aef23940bc2cd9c44ec121e6cf4330dfb2
                                                                                                                                                                            • Opcode Fuzzy Hash: 2966f7bb24ed739cf85d63b74027fda29d31e4d700a04d0e254b4feb7d39b588
                                                                                                                                                                            • Instruction Fuzzy Hash: 28F0F420F0BF07B0EA549B24A88013022A0FF54785F440535C44E8A7A0EFADA6A5C36C