Windows Analysis Report
avast_free_antivirus_setup_online.exe

Overview

General Information

Sample name: avast_free_antivirus_setup_online.exe
Analysis ID: 1557017
MD5: 3df8662a0a6e5d44dda952b703ca3415
SHA1: 53e291164837412630395b77d21ddc0b9045b522
SHA256: 15d337b503e75aadc343cfef9801ebdc16e6b255a404119ebd56c1e48e0e0179

Detection

Score: 45
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to infect the boot sector
Query firmware table information (likely to detect VMs)
Sigma detected: Execution from Suspicious Folder
Tries to delay execution (extensive OutputDebugStringW loop)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • avast_free_antivirus_setup_online.exe (PID: 1900 cmdline: "C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe" MD5: 3DF8662A0A6E5D44DDA952B703CA3415)
    • avast_free_antivirus_setup_online_x64.exe (PID: 2104 cmdline: "C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_esg_000_361_m /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd MD5: 5602827611566F03E75534E544049184)
      • Instup.exe (PID: 5828 cmdline: "C:\Windows\Temp\asw.35a621416d17dbaf\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd MD5: 3ABF9F028C72536CFAE2C019442F26AA)
        • instup.exe (PID: 5448 cmdline: "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd /online_installer MD5: 3ABF9F028C72536CFAE2C019442F26AA)
          • aswOfferTool.exe (PID: 2056 cmdline: "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" -checkGToolbar -elevated MD5: CF1F1ACB6AF4203FED502A06F4EB42B6)
          • aswOfferTool.exe (PID: 5304 cmdline: "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" /check_secure_browser MD5: CF1F1ACB6AF4203FED502A06F4EB42B6)
          • aswOfferTool.exe (PID: 3444 cmdline: "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC MD5: CF1F1ACB6AF4203FED502A06F4EB42B6)
            • aswOfferTool.exe (PID: 2948 cmdline: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC MD5: CF1F1ACB6AF4203FED502A06F4EB42B6)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine|base64offset|contains: ^r@E+*', Image: C:\Users\Public\Documents\aswOfferTool.exe, NewProcessName: C:\Users\Public\Documents\aswOfferTool.exe, OriginalFileName: C:\Users\Public\Documents\aswOfferTool.exe, ParentCommandLine: "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC, ParentImage: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe, ParentProcessId: 3444, ParentProcessName: aswOfferTool.exe, ProcessCommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, ProcessId: 2948, ProcessName: aswOfferTool.exe
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-17T04:14:07.110517+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49738 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:14:07.112649+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:14:08.504165+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49740 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:14:09.603836+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:14:10.440554+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 34.160.176.28 | 443 | TCP |
| 2024-11-17T04:14:10.934995+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:14:41.239088+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49766 | 34.160.176.28 | 443 | TCP |
| 2024-11-17T04:14:46.231070+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49768 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:14:47.440050+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49776 | 34.111.24.1 | 443 | TCP |
| 2024-11-17T04:14:48.396659+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49782 | 34.117.223.223 | 443 | TCP |
| 2024-11-17T04:15:45.357453+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 50039 | 34.117.223.223 | 443 | TCP |

Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A2B0E0 CryptDestroyHash,CryptDestroyHash,0_2_00A2B0E0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A282F0 CryptDestroyHash,0_2_00A282F0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A29250 CryptGenRandom,GetLastError,__CxxThrowException@8,0_2_00A29250
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A29450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,0_2_00A29450
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A28DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,0_2_00A28DC0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A29020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_00A29020
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A28260 CryptDestroyHash,0_2_00A28260
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A29340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_00A29340
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A294D0 CryptHashData,GetLastError,__CxxThrowException@8,0_2_00A294D0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A28EF0 CryptReleaseContext,0_2_00A28EF0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe; Code function: 0_2_00A42660 CryptReleaseContext,0_2_00A42660
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe; Code function: 1_2_00007FF6E0512010 CryptAcquireContextW,1_2_00007FF6E0512010
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe; Code function: 7_2_00007FF6BF128730 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,7_2_00007FF6BF128730
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_ada9bc6c-d
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe; EXE: C:\Users\Public\Documents\aswOfferTool.exe

Compliance

Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe; EXE: C:\Users\Public\Documents\aswOfferTool.exe
Source: avast_free_antivirus_setup_online.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: avast_free_antivirus_setup_online.exe; Static PE information: certificate valid
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:50039 version: TLS 1.2
Source: avast_free_antivirus_setup_online.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1889970098.00000233C7635000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2046221423.0000012800AAB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000000.1901694871.00007FF717D10000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1890713452.00000233C8FBC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2157999644.0000012800AAD000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141476327.0000012800C1E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1830034894.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000004.00000003.2027689657.000001287F5CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdbG source: Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb| source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1830034894.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avast_free_antivirus_setup_online.exe, 00000000.00000000.1741668900.0000000000A43000.00000002.00000001.01000000.00000003.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb4 source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe; Code function: 7_2_00007FF6BF1787F8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,7_2_00007FF6BF1787F8
Source: Joe Sandbox View; IP Address: 34.160.176.28
Source: Joe Sandbox View; IP Address: 34.117.223.223
Source: Joe Sandbox View; JA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox View; JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49738 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49746 -> 34.160.176.28:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49768 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49776 -> 34.111.24.1:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49782 -> 34.117.223.223:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49766 -> 34.160.176.28:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50039 -> 34.117.223.223:443
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; HTTP traffic detected:
  GET /?action=1&p_elm=76&p_pro=0&p_osv=10.0&p_cpua=x64&p_lid=en-ch&repoid=iavs9x&p_lan=8192&p_lng=en&p_vep=24&p_ves=11&p_vbd=6137&p_cnm=305090&p_hid=ad54635d-aa65-492b-8623-e9fd8fd3918b&p_bld=mmm_ava_esg_000_361_m&p_adp=0000&p_midex=3F5C7CD44D1F6AC769934CADA267B4DFBBA24AD1C24B2C4C2F5DDFA142A63C66&p_chs=5&p_chr=2&p_gccc=2&p_scr=intro&p_sbi=0&p_ram=8191&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0 HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Accept: */*
  User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
  Host: ipm.avcdn.net
Source: global traffic; HTTP traffic detected:
  GET /v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%228174facc-1313-47a5-96bf-d43ded1f331e%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%22ad54635d-aa65-492b-8623-e9fd8fd3918b%22%2C%22hwid%22%3A%223F5C7CD44D1F6AC769934CADA267B4DFBBA24AD1C24B2C4C2F5DDFA142A63C66%22%7D%2C%22product%22%3A%7B%22id%22%3A1%2C%22edition%22%3A1%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%2224.11.6137.mmm_ava_esg_000_361_m%22%2C%22build%22%3A6137%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%228174facc-1313-47a5-96bf-d43ded1f331e%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avast-offer_nitro-secure-browser_variant-a%22%2C%22tracking%22%3A%5B%7B%22key%22%3A%22LicenseBusinessSource%22%2C%22value%22%3A%22NotSet%22%7D%5D%2C%22brand%22%3A%22Avast%22%2C%22placement_type%22%3A%22setup%22%2C%22message_name%22%3A%22setup-avast-offer_nitro-secure-browser%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Accept: */*
  User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
  Host: analytics.ff.avast.com
Source: global traffic; DNS traffic detected: DNS query: iavs9x.u.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: v7event.stats.avast.com
Source: global traffic; DNS traffic detected: DNS query: analytics.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: shepherd.ff.avast.com
Source: global traffic; DNS traffic detected: DNS query: h4305360.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: n4291289.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: p9854759.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: s-iavs9x.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: s1843811.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: w5805295.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: f3461309.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: h4444966.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: n8283613.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: r9319236.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: y9830512.iavs9x.u.avast.com
Source: global traffic; DNS traffic detected: DNS query: n2833777.vps18tiny.u.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: n4291289.vps18tiny.u.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: r4427608.vps18tiny.u.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: r9319236.vps18tiny.u.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: s-vps18tiny.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: y8002308.vps18tiny.u.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: ipm.avcdn.net
Source: global traffic; DNS traffic detected: DNS query: ipmcdn.avast.com
Source: global traffic; DNS traffic detected: DNS query: analytics.ff.avast.com
Source: unknown; HTTP traffic detected:
  POST /v4/receive/json/70 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/json
  User-Agent: Avast SimpleHttp/3.0
  Content-Length: 604
  Host: analytics.avcdn.net
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.iavs9x.u.avast.com/iavs9x.cgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED99000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636327629.00000233C23D9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C23D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18tiny.u.aj
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142176513.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110133958.000001287EDE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x-xp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.1831808955.000000000547B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1889970098.00000233C7635000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1890713452.00000233C8FBC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141923403.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2157999644.0000012800AAD000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDA3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141476327.0000012800C1E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642684998.000001287EE16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2046221423.0000012800AAB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2027689657.000001287F5CA000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.2144375693.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.1831808955.000000000547B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1889970098.00000233C7635000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1890713452.00000233C8FBC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141923403.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2157999644.0000012800AAD000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDA3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141476327.0000012800C1E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642684998.000001287EE16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2046221423.0000012800AAB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2027689657.000001287F5CA000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.2144375693.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.comirsBaseUrlTrackingSurvived
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.1831808955.000000000547B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1889970098.00000233C7635000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1890713452.00000233C8FBC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141923403.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2157999644.0000012800AAD000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDA3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141476327.0000012800C1E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642684998.000001287EE16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2046221423.0000012800AAB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2027689657.000001287F5CA000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.2144375693.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.1831808955.000000000547B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1889970098.00000233C7635000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1890713452.00000233C8FBC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141923403.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2157999644.0000012800AAD000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDA3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141476327.0000012800C1E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642684998.000001287EE16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2046221423.0000012800AAB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2027689657.000001287F5CA000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED99000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://g1928587.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://g1928587.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://g1928587.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://g1928587.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636327629.00000233C23D9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C23D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoip.avast.com/geoi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1920795217.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899122940.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED99000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geoip.avast.com/geoip/geoip.php
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9x-xpq
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.iavs9x.u.avast.com/iavs9xtron
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED99000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9x.u.avast.com/ivps9xxp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED99000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18tiny.u.avcdn.net/vps18tiny=
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitro.u.avast.com/vpsnitrou
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142176513.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110133958.000001287EDE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x(
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x-xp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18tiny.u.avcdn.net/vps18tiny-
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636327629.00000233C23D9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C23D3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online.exe, 00000000.00000000.1741668900.0000000000A43000.00000002.00000001.01000000.00000003.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.iavs9x.u.avast.com/iavs9xcgiM
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.ivps9x.u.avast.com/ivps9xxp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vps18tiny.u.avcdn.net/vps18tinyH
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitro.u.avast.com/vpsnitro1
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0658849.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs5x.u.avast.com/iavs5x(
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x(
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9x-xpndr
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.iavs9x.u.avast.com/iavs9xcgiye
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9tiny.u.avast.com/ivps9tinyndr
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.ivps9x.u.avast.com/ivps9x0d:A
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED99000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x-xp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p9854759.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.iavs9x.u.avast.com/iavs9x.cgiY
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636327629.00000233C23D9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C23D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBCE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r0965026.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs5x.u.avast.com/iavs5xmFtcyI6W3s
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs9x.u.avast.com/iavs9x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110133958.000001287EDE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r3802239.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ia
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.iavs9x.u.avast.com/iavs9xcgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgia
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgib
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgim
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgindr
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgiq
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit5.avast.com/cgi-bin/submit50.cgi~
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suit.avas
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs5x.u.avast.com/iavs5x9tinyK
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x-xp7
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.iavs9x.u.avast.com/iavs9x9tiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vpsnitro.u.avast.com/vpsnitroH
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142176513.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110133958.000001287EDE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://t1024579.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2432668341.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.1832235656.0000000005439000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3637694190.0000000005445000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2432767416.0000000005444000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2432668341.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/P
Source: avast_free_antivirus_setup_online.exe, 00000000.00000002.3637324680.0000000005425000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.1832235656.0000000005423000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.1832235656.0000000005439000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3637694190.0000000005445000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2432767416.0000000005444000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2432668341.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: avast_free_antivirus_setup_online.exe, 00000000.00000002.3637324680.0000000005425000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.1832235656.0000000005423000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgiB
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.1832235656.0000000005439000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3637694190.0000000005445000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2432767416.0000000005444000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2432668341.0000000005439000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgik
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs5x.u.avast.com/iavs5x(
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.iavs9x.u.avast.com/iavs9x-xp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.ivps9tiny.u.avast.com/ivps9tinyi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vps18tiny.u.avcdn.net/vps18tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636327629.00000233C23D9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C23D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnit
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636327629.00000233C23D9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C23D3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED99000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitro.u.avast.com/vpsnitroU
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://w5805295.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.1831808955.000000000547B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1889970098.00000233C7635000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1890713452.00000233C8FBC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141923403.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2157999644.0000012800AAD000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDA3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141476327.0000012800C1E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642684998.000001287EE16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2046221423.0000012800AAB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2027689657.000001287F5CA000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.2144375693.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.1831808955.000000000547B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1889970098.00000233C7635000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1890713452.00000233C8FBC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141923403.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2157999644.0000012800AAD000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDA3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141476327.0000012800C1E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642684998.000001287EE16000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2046221423.0000012800AAB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2027689657.000001287F5CA000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000004.00000003.2144375693.000001287EE31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1887271337.00000233C7515000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C2404000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636865619.00000233C2415000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2267106327.00000233C2414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/70.
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1887271337.00000233C7515000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/70.05L
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1887271337.00000233C7515000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/70.85T
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avast.com/installation-complete
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avast.com/installation-completehttps://avg.com/installation-completeproduct_skuFreeProIntern
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avg.com/installation-complete
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bloatware.ff.avast.com/avast/ss/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899424745.00000233C7555000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exe?campaign_source=av_install_t
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641344446.000001287E9D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/norton-password-manager/admmjipmmciaobhojoghlmleefbicajg
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: avast_free_antivirus_setup_online.exe, 00000000.00000002.3636777891.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899585654.00000233C74F7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266985651.00000233C74F8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892202133.00000233C74FC000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1887271337.00000233C74FC000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521658106.00000233C750F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2432430854.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3637324680.0000000005425000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.1832235656.0000000005423000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3636777891.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899585654.00000233C74F7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266985651.00000233C74F8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892202133.00000233C74FC000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1887271337.00000233C74FC000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521658106.00000233C750F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2432430854.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3636777891.00000000053F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0Cross-Origin-Resource-Policycross-originX
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csw.client.privax.comhttps://win.client.cleanup.avirahttps://win.client.secureline.avirahttp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899424745.00000233C7555000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fallback.nos-avg.cz./servers.json
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google-analytics.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns.sb.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns.sb.avast.comhttps://winqual.sb.avast.com/V1/MDHostapplication/octet-streamContent-TypeV1
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-atrk/release/avast_antitrack_online_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av//avast_premium_security_online_setup.exe/avast_omni_online_s
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_essential_online_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F3C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-av/release/avast_one_online_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899424745.00000233C7555000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640810298.000001287E968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release-one/avast_driver_updater_online_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899424745.00000233C7555000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641344446.000001287E9D5000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release-one/avast_cleanup_online_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F3C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899424745.00000233C7555000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F3C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exe
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2432430854.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3636777891.00000000053F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iavs9x.u.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exe
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2432430854.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3636777891.00000000053F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://iavs9x.u.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exeqT
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641344446.000001287E9D5000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EB80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastium
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640810298.000001287E972000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED99000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641344446.000001287E9D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EB80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F59C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner-v6.ff.avast.com/v2/inspection
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F59C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F3C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outside-scanner.ff.avast.com/v2/inspection
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899424745.00000233C7555000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640810298.000001287E968000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F59C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pamcdn.avast.com/pamcdn/extensions/install/win/extension/index.html?p_pei=%token%&cn=%cn%&cs
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899424745.00000233C7555000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F3C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://prod1-fe-basic-auth-breach.prod.aws.lifelock.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1920795217.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899122940.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavs9x.avcdn.net/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1920795217.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899122940.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavs9x.avcdn.net/iavs9x-xp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641344446.000001287E9D5000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F3C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avast/1.0.327/updatefile.json
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1920795217.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899122940.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED13000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-vps18.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1920795217.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899122940.00000233C7562000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-vps18tiny.avcdn.net/vps18tiny
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF85F8AE0 OpenClipboard,GlobalAlloc,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalLock,GlobalUnlock,SetClipboardData,SetClipboardData,CloseClipboard,7_2_00007FFDF85F8AE0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF85F8560 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,RegisterClipboardFormatW,SetClipboardData,CloseClipboard,7_2_00007FFDF85F8560
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF845E890 KillTimer,GetAsyncKeyState,GetDoubleClickTime,SetTimer,GetAsyncKeyState,KillTimer,KillTimer,GetCursorPos,WindowFromPoint,ScreenToClient,KillTimer,KillTimer,GetCursorPos,ScreenToClient,GetAsyncKeyState,7_2_00007FFDF845E890
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FF6BF10BC80 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,7_2_00007FF6BF10BC80
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FF6BEFFF8A0 CreateIoCompletionPort,CloseHandle,GetCurrentProcess,NtCreateWorkerFactory,CloseHandle,NtQueryInformationProcess,NtQuerySystemInformation,GetCurrentProcessId,CloseHandle,CloseHandle,NtQueryInformationWorkerFactory,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,7_2_00007FF6BEFFF8A0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FF6BF11E630 NtQueryKey,7_2_00007FF6BF11E630
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FF6BEFFF3C0 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,7_2_00007FF6BEFFF3C0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF8490D50 NtdllDefWindowProc_A,7_2_00007FFDF8490D50
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF8458D05 NtdllDefWindowProc_A,7_2_00007FFDF8458D05
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF8490DB0 NtdllDefWindowProc_W,7_2_00007FFDF8490DB0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF8458E20 NtdllDefWindowProc_W,7_2_00007FFDF8458E20
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF8490E10 NtdllDefWindowProc_A,7_2_00007FFDF8490E10
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF8490EC0 NtdllDefWindowProc_W,7_2_00007FFDF8490EC0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF8457E9A NtdllDefWindowProc_A,RtlLeaveCriticalSection,7_2_00007FFDF8457E9A
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF848FF20 NtdllDefWindowProc_A,7_2_00007FFDF848FF20
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF848FF80 NtdllDefWindowProc_W,7_2_00007FFDF848FF80
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF845F040 GetWindowLongA,GetWindowLongA,GetWindowDC,GetSystemMetrics,GetSystemMetrics,GetWindowRect,GetSystemMetrics,GetSystemMetrics,InflateRect,CreateRectRgnIndirect,CombineRgn,OffsetRect,OffsetRect,ExcludeClipRect,InflateRect,GetClassLongPtrA,InflateRect,FillRect,NtdllDefWindowProc_A,DeleteObject,ReleaseDC,7_2_00007FFDF845F040
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF848F730 NtdllDefWindowProc_A,7_2_00007FFDF848F730
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FFDF848F7E0 NtdllDefWindowProc_W,7_2_00007FFDF848F7E0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00A2A100: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,0_2_00A2A100
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF8518BC07_2_00007FFDF8518BC0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF846DC007_2_00007FFDF846DC00
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF846DCD07_2_00007FFDF846DCD0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF8705C747_2_00007FFDF8705C74
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84E5D307_2_00007FFDF84E5D30
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF8520D507_2_00007FFDF8520D50
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84A6DB07_2_00007FFDF84A6DB0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF848ADA07_2_00007FFDF848ADA0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF8723E4C7_2_00007FFDF8723E4C
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF8704EC47_2_00007FFDF8704EC4
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF8706EA47_2_00007FFDF8706EA4
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84B5E807_2_00007FFDF84B5E80
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF870FFF07_2_00007FFDF870FFF0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF848EFA07_2_00007FFDF848EFA0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84B4F707_2_00007FFDF84B4F70
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF8647F6C7_2_00007FFDF8647F6C
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84930507_2_00007FFDF8493050
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84A70407_2_00007FFDF84A7040
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84B20A07_2_00007FFDF84B20A0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF849D0A07_2_00007FFDF849D0A0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84A60D07_2_00007FFDF84A60D0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF85920607_2_00007FFDF8592060
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF85971507_2_00007FFDF8597150
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF85361607_2_00007FFDF8536160
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84862107_2_00007FFDF8486210
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84902107_2_00007FFDF8490210
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84A72007_2_00007FFDF84A7200
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF87072D87_2_00007FFDF87072D8
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84A02C07_2_00007FFDF84A02C0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84A62C07_2_00007FFDF84A62C0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF872331C7_2_00007FFDF872331C
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF872E34C7_2_00007FFDF872E34C
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF86CC3507_2_00007FFDF86CC350
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84912E07_2_00007FFDF84912E0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF87063907_2_00007FFDF8706390
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF87175207_2_00007FFDF8717520
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF849B4907_2_00007FFDF849B490
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84A55507_2_00007FFDF84A5550
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84855C07_2_00007FFDF84855C0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF846D5907_2_00007FFDF846D590
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF848E6207_2_00007FFDF848E620
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF85F86207_2_00007FFDF85F8620
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84907207_2_00007FFDF8490720
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF870471C7_2_00007FFDF870471C
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF87288207_2_00007FFDF8728820
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF848D7607_2_00007FFDF848D760
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF84D88307_2_00007FFDF84D8830
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: 8_2_00A530808_2_00A53080
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe Code function: String function: 00007FF6E03A6480 appears 86 times
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: String function: 00007FF6BEFC5D00 appears 99 times
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: String function: 00007FFDF86BEAD0 appears 40 times
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: String function: 00007FFDF86BF1A0 appears 34 times
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: String function: 00007FFDF8596E60 appears 31 times
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: String function: 00007FFDF8702C20 appears 35 times
Source: offertool_x64_ais-a52.vpx.4.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: aswc605fad6069c0afa.tmp.4.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: aswOfferTool.exe.10.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: avast_free_antivirus_setup_online.exe, 00000000.00000000.1741723851.0000000000A51000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamemicrostub.exe, vs avast_free_antivirus_setup_online.exe
Source: avast_free_antivirus_setup_online.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal45.evad.winEXE@14/62@90/3
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00A252F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FF6BEFFF3C0 GetCurrentProcess,WaitForSingleObject,NtClose,GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00A21930 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,GlobalFree,CoInitializeEx,CoCreateInstance,GetDC,CreateDIBSection,ReleaseDC,DeleteObject
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00A238C0 CreateFileMappingW,GetLastError,MapViewOfFile,GetLastError,FindResourceW,LoadResource,wsprintfW,GetLastError,UnmapViewOfFile,CloseHandle,SetLastError
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe File created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Asw_35e69e0b0454f6f32a1f69d518838d98
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Mutant created: NULL
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe File created: C:\Windows\Temp\asw.e5da014393d7a8cd
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /silent (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /cookie (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /ppi_icd (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /cust_ini (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: Enabled (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxyType (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: Port (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: User (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: Password (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: ProxySettings (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: Properties (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: /smbupd (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: enable (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: mirror (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: count (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: servers (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: urlpgm (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: server0 (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: http:// (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: https:// (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: allow_fallback (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: mirror (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: installer.exe (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: {versionSwitch} (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: stable (0_2_00A252F0)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Command line argument: %s\%s (0_2_00A252F0)
Source: avast_free_antivirus_setup_online.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File read: C:\Windows\Temp\asw.35a621416d17dbaf\aswae44c8e81283413b.ini
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: instup.exe String found in binary or memory: <!--StartFragment-->
Source: instup.exe String found in binary or memory: animation-start!
Source: unknown Process created: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe "C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe"
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Process created: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_esg_000_361_m /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe Process created: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe "C:\Windows\Temp\asw.35a621416d17dbaf\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Process created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd /online_installer
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Process created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" -checkGToolbar -elevated
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Process created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" /check_secure_browser
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Process created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe Process created: C:\Users\Public\Documents\aswOfferTool.exe "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InProcServer32
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File written: C:\Windows\Temp\asw.35a621416d17dbaf\aswae44c8e81283413b.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: avast_free_antivirus_setup_online.exe Static PE information: certificate valid
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: avast_free_antivirus_setup_online.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: avast_free_antivirus_setup_online.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1889970098.00000233C7635000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2046221423.0000012800AAB000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000000.1901694871.00007FF717D10000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000004.00000003.2156110713.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110909954.0000012800AAF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1890713452.00000233C8FBC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2157999644.0000012800AAD000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2141476327.0000012800C1E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1830034894.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C8C57000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2147337043.0000012800AA2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.0000012801D0D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000004.00000003.2027689657.000001287F5CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdbG source: Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb| source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1830034894.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000004.00000003.2145466630.0000012800AA9000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2009790951.000001287F5CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avast_free_antivirus_setup_online.exe, 00000000.00000000.1741668900.0000000000A43000.00000002.00000001.01000000.00000003.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000004.00000003.1990638632.000001287F79F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2143918593.0000012800AAE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb4 source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmp
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: avast_free_antivirus_setup_online.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00A221B0 KillTimer,InterlockedExchange,DefWindowProcW,GetWindowRect,GetModuleHandleW,GetProcAddress,GetVersionExW,SetTimer,DefWindowProcW,SetTimer,DefWindowProcW,LoadLibraryW,GetProcAddress,FreeLibrary,SetTimer,DefWindowProcW,DefWindowProcW,InvalidateRect,DefWindowProcW,ShutdownBlockReasonCreate,ShutdownBlockReasonCreate,0_2_00A221B0
Source: avast_free_antivirus_setup_online.exe Static PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.dr Static PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.dr Static PE information: section name: _RDATA
Source: HTMLayout.dll.1.dr Static PE information: section name: _RDATA
Source: Instup.exe.1.dr Static PE information: section name: _RDATA
Source: asw8942db44a573b872.tmp.4.dr Static PE information: section name: _RDATA
Source: avbugreport_x64_ais-a52.vpx.4.dr Static PE information: section name: _RDATA
Source: avdump_x64_ais-a52.vpx.4.dr Static PE information: section name: .didat
Source: avdump_x64_ais-a52.vpx.4.dr Static PE information: section name: _RDATA
Source: avdump_x86_ais-a52.vpx.4.dr Static PE information: section name: .didat
Source: instcont_x64_ais-a52.vpx.4.dr Static PE information: section name: _RDATA
Source: setgui_x64_ais-a52.vpx.4.dr Static PE information: section name: _RDATA
Source: aswa5273fee23bddec6.tmp.4.dr Static PE information: section name: _RDATA
Source: asw4174fb7935f5125d.tmp.4.dr Static PE information: section name: .didat
Source: asw4174fb7935f5125d.tmp.4.dr Static PE information: section name: _RDATA
Source: aswd71ddc85231270c0.tmp.4.dr Static PE information: section name: _RDATA
Source: gcapi.dll.10.dr Static PE information: section name: .00cfg
Source: gcapi.dll.10.dr Static PE information: section name: .voltbl
Source: gcapi.dll.10.dr Static PE information: section name: malloc_h
Source: gcapi.dll.12.dr Static PE information: section name: .00cfg
Source: gcapi.dll.12.dr Static PE information: section name: .voltbl
Source: gcapi.dll.12.dr Static PE information: section name: malloc_h
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00A31396 push ecx; ret 0_2_00A313A9
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe Code function: 8_2_00B35F34 push ecx; ret 8_2_00B35F47

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 0_2_00A2A100
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\avdump_x86_ais-a52.vpx
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\uat64.dll
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\setgui_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe File created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\avdump_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\gcapi.dll
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe (copy)
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswf87882223bbc0c11.tmp
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.dll
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswa5273fee23bddec6.tmp
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\HTMLayout.dll (copy)
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe File created: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\asw4174fb7935f5125d.tmp
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\instup_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\sbr_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.dll (copy)
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\sbr.exe (copy)
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswf291897fcfddd194.tmp
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\asw8942db44a573b872.tmp
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswc605fad6069c0afa.tmp
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\AvBugReport.exe (copy)
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\instcont_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\offertool_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe (copy)
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswd71ddc85231270c0.tmp
Source: C:\Users\Public\Documents\aswOfferTool.exe File created: C:\Users\Public\Documents\gcapi.dll
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\avbugreport_x64_ais-a52.vpx
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\AvDump.exe (copy)
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe File created: C:\Windows\Temp\asw.35a621416d17dbaf\HTMLayout.dll
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A252F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,0_2_00A252F0

Boot Survival

Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u 0_2_00A2A100
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe System information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Section loaded: OutputDebugStringW count: 124
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Section loaded: OutputDebugStringW count: 138
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BF128730 rdtsc 7_2_00007FF6BF128730
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BEFFF8A0 CreateIoCompletionPort,CloseHandle,GetCurrentProcess,NtCreateWorkerFactory,CloseHandle,NtQueryInformationProcess,NtQuerySystemInformation,GetCurrentProcessId,CloseHandle,CloseHandle,NtQueryInformationWorkerFactory,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,7_2_00007FF6BEFFF8A0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\avdump_x86_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\setgui_x64_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\uat64.dllJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\AvBugReport.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\avdump_x64_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswf87882223bbc0c11.tmpJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswa5273fee23bddec6.tmpJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\HTMLayout.dll (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\asw4174fb7935f5125d.tmpJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\instup_x64_ais-a52.vpxJump to dropped file
Source: C:\Users\Public\Documents\aswOfferTool.exeDropped PE file which has not been started: C:\Users\Public\Documents\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\AvDump.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\avbugreport_x64_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\sbr_x64_ais-a52.vpxJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\sbr.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswf291897fcfddd194.tmpJump to dropped file
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\HTMLayout.dllJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\asw8942db44a573b872.tmpJump to dropped file
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeAPI coverage: 7.3 %
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe TID: 8Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe TID: 2756Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe TID: 5796Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe TID: 4544Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BF1787F8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,7_2_00007FF6BF1787F8
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A2792C VirtualQuery,GetSystemInfo,0_2_00A2792C
Source: avast_free_antivirus_setup_online.exe, 00000000.00000003.2432430854.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3636777891.00000000053F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWA8-477D-B80C-42CA25A49937}
Source: avast_free_antivirus_setup_online.exe, 00000000.00000002.3636330752.00000000053CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: avast_free_antivirus_setup_online.exe, 00000000.00000002.3637598853.000000000543A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.1832235656.0000000005439000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.2432668341.0000000005439000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899585654.00000233C74F7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3170691293.00000233C74F8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266985651.00000233C74F8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3170664111.00000233C750C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Instup.exe, 00000004.00000002.3641510534.000001287EC30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: instup.exennetm8
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeCode function: 4_2_00007FF717B11F60 CheckRemoteDebuggerPresent,NdrClientCall3,4_2_00007FF717B11F60
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Process queried: DebugPort
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Process queried: DebugPort
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BF128730 rdtsc 7_2_00007FF6BF128730
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BF10AFB0 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,LdrUnlockLoaderLock,7_2_00007FF6BF10AFB0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A310FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A310FF
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BF17C910 GetLastError,IsDebuggerPresent,OutputDebugStringW,7_2_00007FF6BF17C910
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BEFFF8A0 CreateIoCompletionPort,CloseHandle,GetCurrentProcess,NtCreateWorkerFactory,CloseHandle,NtQueryInformationProcess,NtQuerySystemInformation,GetCurrentProcessId,CloseHandle,CloseHandle,NtQueryInformationWorkerFactory,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,7_2_00007FF6BEFFF8A0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A221B0 KillTimer,InterlockedExchange,DefWindowProcW,GetWindowRect,GetModuleHandleW,GetProcAddress,GetVersionExW,SetTimer,DefWindowProcW,SetTimer,DefWindowProcW,LoadLibraryW,GetProcAddress,FreeLibrary,SetTimer,DefWindowProcW,DefWindowProcW,InvalidateRect,DefWindowProcW,ShutdownBlockReasonCreate,ShutdownBlockReasonCreate,0_2_00A221B0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A37C5A mov eax, dword ptr fs:[00000030h]0_2_00A37C5A
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: 8_2_00B56942 mov ecx, dword ptr fs:[00000030h]8_2_00B56942
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: 8_2_00B5E699 mov eax, dword ptr fs:[00000030h]8_2_00B5E699
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A227B0 GetLastError,GetLastError,GetLastError,GetFileSizeEx,wsprintfW,SetFilePointerEx,SetEndOfFile,GetLastError,InterlockedExchange,GetProcessHeap,RtlAllocateHeap,WriteFile,InterlockedExchangeAdd,GetLastError,SetFilePointerEx,SetEndOfFile,GetLastError,GetProcessHeap,RtlFreeHeap,GetLastError,SetLastError,0_2_00A227B0
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe Process token adjusted: Debug
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Process token adjusted: Debug
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Process token adjusted: Debug
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A310FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A310FF
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A31292 SetUnhandledExceptionFilter,0_2_00A31292
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A313AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00A313AB
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A34476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00A34476
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: 1_2_00007FF6E043955C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6E043955C
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: 1_2_00007FF6E0448700 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6E0448700
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: 1_2_00007FF6E0439090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF6E0439090
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BEFFB4A0 SetUnhandledExceptionFilter,GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,7_2_00007FF6BEFFB4A0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BF17BF5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF6BF17BF5C
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BF18B654 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF6BF18B654
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BEFFB6A0 GetModuleHandleW,GetProcAddress,VirtualProtect,VirtualProtect,SetUnhandledExceptionFilter,7_2_00007FF6BEFFB6A0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF8718EA4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FFDF8718EA4
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FFDF86D84E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FFDF86D84E8
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: 8_2_00B41D41 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00B41D41
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: 8_2_00B34FBE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00B34FBE
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Process created: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_esg_000_361_m /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe Process created: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe "C:\Windows\Temp\asw.35a621416d17dbaf\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Process created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe "C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd /online_installer
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe "c:\windows\temp\asw.35a621416d17dbaf\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /edat_dir:c:\windows\temp\asw.e5da014393d7a8cd
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exeProcess created: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe "c:\windows\temp\asw.35a621416d17dbaf\new_180b17f9\instup.exe" /sfx /sfxstorage:c:\windows\temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /edat_dir:c:\windows\temp\asw.e5da014393d7a8cd /online_installer
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: 7_2_00007FF6BF10B410 FreeSid,AllocateAndInitializeSid,DuplicateToken,CheckTokenMembership,CloseHandle,GetLastError,GetLastError,GetLastError,7_2_00007FF6BF10B410
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanUSER32.DLLWorkerWGetMonitorInfoWMonitorFromWindow%s KERNEL32.DLL
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exeCode function: 0_2_00A3153D cpuid 0_2_00A3153D
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,1_2_00007FF6E046F5E8
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: EnumSystemLocalesW,1_2_00007FF6E046F938
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: GetLocaleInfoW,1_2_00007FF6E0467140
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: EnumSystemLocalesW,1_2_00007FF6E046FA08
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00007FF6E046FE48
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_00007FF6E0470024
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeCode function: EnumSystemLocalesW,1_2_00007FF6E0466C64
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,7_2_00007FFDF8722C98
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exeCode function: GetLocaleInfoA,RtlLeaveCriticalSection,7_2_00007FFDF8457E67
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: EnumSystemLocalesW,8_2_00B630F7
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,8_2_00B634D0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: EnumSystemLocalesW,8_2_00B5D86D
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,8_2_00B63050
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_00B635F9
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: EnumSystemLocalesW,8_2_00B631DD
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: EnumSystemLocalesW,8_2_00B63142
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,8_2_00B636FF
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,8_2_00B5DE2A
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,8_2_00B63270
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,8_2_00B62E4F
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_00B637CE
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Queries volume information: C:\Windows\Temp\asw.35a621416d17dbaf\servers.def.vpx VolumeInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00A241B0 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetVersionExA,GetNativeSystemInfo,wsprintfA,wsprintfA,lstrcatA,lstrlenA,0_2_00A241B0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Code function: 0_2_00A221B0 KillTimer,InterlockedExchange,DefWindowProcW,GetWindowRect,GetModuleHandleW,GetProcAddress,GetVersionExW,SetTimer,DefWindowProcW,SetTimer,DefWindowProcW,LoadLibraryW,GetProcAddress,FreeLibrary,SetTimer,DefWindowProcW,DefWindowProcW,InvalidateRect,DefWindowProcW,ShutdownBlockReasonCreate,ShutdownBlockReasonCreate,0_2_00A221B0
Source: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe Code function: 4_2_00007FF717B03FD0 GetFileAttributesW,RpcStringBindingComposeW,RpcBindingFromStringBindingW,GetFileAttributesW,4_2_00007FF717B03FD0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FF6BEFF3FD0 GetFileAttributesW,__std_exception_destroy,__std_exception_destroy,__std_exception_destroy,RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,GetModuleFileNameW,GetFileAttributesW,__std_exception_destroy,__std_exception_destroy,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,7_2_00007FF6BEFF3FD0
Source: C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe Code function: 7_2_00007FF6BEFF56C0 RemoveVectoredExceptionHandler,SetEvent,GetCurrentThreadId,RpcBindingFree,std::_Throw_Cpp_error,std::_Throw_Cpp_error,std::_Throw_Cpp_error,7_2_00007FF6BEFF56C0
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 2 Obfuscated Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 11 Input Capture | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 1 Windows Service | 1 DLL Side-Loading | Security Account Manager | 56 System Information Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Bootkit | 12 Process Injection | 1 DLL Search Order Hijacking | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Masquerading | LSA Secrets | 271 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 23 Virtualization/Sandbox Evasion | Cached Domain Credentials | 23 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Process Injection | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Bootkit | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Behavior graph (image not reproduced): Behavior Graph ID: 1557017, Sample: avast_free_antivirus_setup_..., Startdate: 17/11/2024, Architecture: WINDOWS, Score: 45

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| avast_free_antivirus_setup_online.exe | 0% | ReversingLabs | | |
| avast_free_antivirus_setup_online.exe | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\Public\Documents\aswOfferTool.exe | 0% | ReversingLabs | | |
| C:\Users\Public\Documents\gcapi.dll | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\HTMLayout.dll | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\Instup.dll | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\AvBugReport.exe (copy) | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\AvDump.exe (copy) | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\HTMLayout.dll (copy) | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\asw4174fb7935f5125d.tmp | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\asw8942db44a573b872.tmp | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe (copy) | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswa5273fee23bddec6.tmp | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswc605fad6069c0afa.tmp | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswd71ddc85231270c0.tmp | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswf291897fcfddd194.tmp | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswf87882223bbc0c11.tmp | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\gcapi.dll | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.dll (copy) | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe (copy) | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\sbr.exe (copy) | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\avbugreport_x64_ais-a52.vpx | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\avdump_x64_ais-a52.vpx | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\avdump_x86_ais-a52.vpx | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\instcont_x64_ais-a52.vpx | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\instup_x64_ais-a52.vpx | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\offertool_x64_ais-a52.vpx | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\sbr_x64_ais-a52.vpx | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\setgui_x64_ais-a52.vpx | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.35a621416d17dbaf\uat64.dll | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe | 0% | ReversingLabs | | |

No Antivirus matches
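| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| iavs9x.u.avcdn.net | 0% | Virustotal | | Browse |
| r9319236.vps18tiny.u.avcdn.net | 0% | Virustotal | | Browse |
| n4291289.vps18tiny.u.avcdn.net | 0% | Virustotal | | Browse |
| s-vps18tiny.avcdn.net | 0% | Virustotal | | Browse |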
| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://shepherd.ff.avast.com/ | false | | high |
                                                                            high
                                                                            http://www.galapagosdesign.com/DPleaseavast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3641342582.00000233C5FA2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://n4291289.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://y9830512.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008918737.000001287EDE3000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://csw.client.privax.comhttps://win.client.cleanup.avirahttps://win.client.secureline.avirahttpavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://submit5.avast.com/cgi-bin/submit50.cgiqInstup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://n2833777.ivps9tiny.u.avast.com/ivps9tinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://submit5.avast.com/cgi-bin/submit50.cgimInstup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0avast_free_antivirus_setup_online.exe, 00000000.00000003.2432430854.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3637324680.0000000005425000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000003.1832235656.0000000005423000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3636777891.00000000053F9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899585654.00000233C74F7000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266985651.00000233C74F8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892202133.00000233C74FC000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1887271337.00000233C74FC000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521658106.00000233C750F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://h4444966.iavs9x.u.avast.com/iavs9x(Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://v7.stauavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636327629.00000233C23D9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C23D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exeavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1899424745.00000233C7555000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3640166879.000001287CEC7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://w5805295.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://submit5.avast.com/cgi-bin/submit50.cgi~Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://d3176133.vps18tiny.u.avcdn.net/vps18tinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://c3978047.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://s1843811.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://l2983942.ivps9tiny.u.avast.com/ivps9tinypInstup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://pair.ff.avast.comavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3641510534.000001287EBA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://n8283613.iavs5x.u.avast.com/iavs5xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://r4427608.vps18tiny.u.avcdn.net/vps18tinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://y8002308.vps18.u.avcdn.net/vps18avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636327629.00000233C23D9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C23D3000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287ED99000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://https://:allow_fallback/installer.exeavast_free_antivirus_setup_online.exe, 00000000.00000000.1741668900.0000000000A43000.00000002.00000001.01000000.00000003.sdmp, avast_free_antivirus_setup_online.exe, 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://submit.sb.avast.com/V1/PD/avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C754E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://n8283613.vpsnitro.u.avast.com/vpsnitroavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://submit5.avast.com/cgi-bin/submit50.cgibInstup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://submit5.avast.com/cgi-bin/submit50.cgiaInstup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        http://r3802239.iavs5x.u.avast.com/iavs5xmFtcyI6W3sInstup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://w5805295.vpsnitavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2521256130.00000233C23D8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3636327629.00000233C23D9000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2266775366.00000233C23D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://f3461309.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1891972574.00000233C755A000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1874167263.00000233C74B0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1892068657.00000233C755B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F527000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642312352.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2045197751.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000002.3642781663.000001287F41F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008876265.000001287EDA6000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2026915281.000001287EDAF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2142127307.000001287EDA8000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2008825062.000001287EE03000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2110072203.000001287EDA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://keys.backup.norton.comavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1897794571.00000233C83F0000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000004.00000003.2153193097.00000128014A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
IP | Domain | Country | ASN | ASN Name | Malicious
34.111.24.1 | ipm-gcp-prod.ff.avast.com | United States | 15169 | GOOGLEUS | false
34.160.176.28 | shepherd-gcp.ff.avast.com | United States | 2686 | ATGS-MMD-ASUS | false
34.117.223.223 | analytics-prod-gcp.ff.avast.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1557017
Start date and time: 2024-11-17 04:12:54 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: avast_free_antivirus_setup_online.exe
Detection: MAL
Classification: mal45.evad.winEXE@14/62@90/3
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                          • Excluded IPs from analysis (whitelisted): 142.250.184.238, 2.20.245.134, 2.20.245.135, 23.32.238.160, 2.19.198.50, 96.16.122.51, 96.16.122.45, 23.212.89.10, 23.32.238.162, 23.32.238.89, 2.20.93.64, 96.16.122.58, 96.16.122.50, 142.250.74.200, 23.212.88.245
                                                                                                                          • Excluded domains from analysis (whitelisted): u4.avcdn.net.edgesuite.net, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, e9229.dscd.akamaiedge.net, ctldl.windowsupdate.com, a117.dscd.akamai.net, iavs9x4.u.avcdn.net.edgesuite.net, e13223.dscd.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, a27.dscd.akamai.net, ssl.google-analytics.com, fallbackupdates.avcdn.net.edgekey.net, ocsp.digicert.com, ipmcdn.avast.com.edgekey.net, www.google-analytics.com
                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                          No simulations
                                                                                                                                            file.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                            • 34.117.223.223
                                                                                                                                            • 34.111.24.1
                                                                                                                                            • 34.160.176.28
                                                                                                                                            file.exeGet hashmaliciousLummaC, Amadey, Stealc, VidarBrowse
                                                                                                                                            • 34.117.223.223
                                                                                                                                            • 34.111.24.1
                                                                                                                                            • 34.160.176.28
                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 34.117.223.223
                                                                                                                                            • 34.111.24.1
                                                                                                                                            • 34.160.176.28
                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 34.117.223.223
                                                                                                                                            • 34.111.24.1
                                                                                                                                            • 34.160.176.28
                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 34.117.223.223
                                                                                                                                            • 34.111.24.1
                                                                                                                                            • 34.160.176.28
                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 34.117.223.223
                                                                                                                                            • 34.111.24.1
                                                                                                                                            • 34.160.176.28
                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 34.117.223.223
                                                                                                                                            • 34.111.24.1
                                                                                                                                            • 34.160.176.28
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\Public\Documents\gcapi.dll | SecuriteInfo.com.Trojan.Siggen29.7508.16428.4641.exe | Get hash | malicious | Unknown | Browse |
 | Microstub.exe | Get hash | malicious | Unknown | Browse |
 | Microstub.exe | Get hash | malicious | Unknown | Browse |
 | _.exe | Get hash | malicious | Unknown | Browse |
 | _.exe | Get hash | malicious | Unknown | Browse |
 | _.exe | Get hash | malicious | Unknown | Browse |
 | _.exe | Get hash | malicious | Unknown | Browse |
 | Microstub.exe | Get hash | malicious | Unknown | Browse |
 | Microstub.exe | Get hash | malicious | Unknown | Browse |
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (498), with CRLF line terminators
                                                                                                                                                              Category:modified
                                                                                                                                                              Size (bytes):51821
                                                                                                                                                              Entropy (8bit):5.212629919827149
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:7shijY5MP3DHmyex25yPqsZiuDi/2prXS94JeihMNguqROgxRGF8IRSJr8I:ohijYWbcIxUOg/2Rar8I
                                                                                                                                                              MD5:DB37B46558CCC2D522164B6EB9C05AEE
                                                                                                                                                              SHA1:CA1EC278B50A566829BD7C5CE4661148EE3C09B6
                                                                                                                                                              SHA-256:E3DBE803DE185A55ABAC76BA8F8AD223BABBE6A5F5C8CEE1D80097C970CA844D
                                                                                                                                                              SHA-512:676DB70881BB6ABF6DE8249A143A5C70402B0B17A19663D9C9807E04F62202AAB3C25258A9976F377905C2DBBB84204593E05F61ADCC631F512B1D2DE6049C55
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:.[2024-11-17 03:14:00.853] [info ] [sfxinst ] [ 2104: 4420] [593C85:1011] --..[2024-11-17 03:14:00.853] [info ] [sfxinst ] [ 2104: 4420] [593C85:1012] START: Avast SFX stub executable..[2024-11-17 03:14:00.853] [info ] [sfxinst ] [ 2104: 4420] [593C85: 307] Entering SFX stub guarded code section...[2024-11-17 03:14:00.885] [info ] [sfxinst ] [ 2104: 4420] [593C85: 406] Running SFX 'C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe'..[2024-11-17 03:14:05.150] [info ] [sfxinst ] [ 2104: 4420] [593C85: 648] Moved extra data file 'ecoo.edat' to 'C:\Windows\Temp\asw.35a621416d17dbaf\cookie.bin'...[2024-11-17 03:14:06.447] [notice ] [burger_rep ] [ 2104: 732] [0CE298: 64] The event '70.1' was successfully sent to burger: https://analytics.avcdn.net/v4/receive/json/70...[2024-11-17 03:14:07.760] [info ] [sfxinst ] [ 2104: 4420] [593C85: 938] Starting installer/updater executable 'C:\Windows\Temp\asw.35a621416d17dbaf\instup.exe'..[
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):281
                                                                                                                                                              Entropy (8bit):4.646446864144218
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:u/nQn/ObVg3IKw6B6TjyZ9xt/OXWJg3IKw6B6Tjy3:uIn/f16qZ9v/K16q3
                                                                                                                                                              MD5:30E5397A162590168BD58E223DABA495
                                                                                                                                                              SHA1:C0578408A6917F46F046C6CA3034D8A20E3BD971
                                                                                                                                                              SHA-256:03754E1F486F7400CAF8992B1BD9736C05368FC9D5C1FE29BF61ADE80648571C
                                                                                                                                                              SHA-512:802806B9775FFDC985E500B3336148F3042C8551B0B5A87A29F388F256947D7E770EDFC0F56E7BD953676A47464A4EFDEAF82117E736BFF11F60DE800EBB8731
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:.[2024-11-17 03:14:11.768] [info ] [burger ] [ 5828: 4080] [7BC2B2: 55] Storage path was not set so neither stored events are read...[2024-11-17 03:14:43.445] [info ] [burger ] [ 5448: 4092] [7BC2B2: 55] Storage path was not set so neither stored events are read...
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2494808
                                                                                                                                                              Entropy (8bit):6.788672549451929
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:DAtUV5fTAGE9Q2rCyA2AvAfAAEV1rnFTZT0krlGW+VH:8PGE9Q2rCKAo7ELxTZT0krgh
                                                                                                                                                              MD5:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                              SHA1:1E34C4DF9E5C1EAE0B7697C475695BB39AD7D44E
                                                                                                                                                              SHA-256:2D0B6848C0CD944FDE5365667C2180D5B2A9EC60EB01E9F2E38B39027B49FE80
                                                                                                                                                              SHA-512:7B86081D9D6B36EE93BEEF8DB222D699D227BC426C3345AAE20EB037B3EADB8FA9552C4B058038AFCA07D6989550F57C3C85728A43B9E9ECC22BD4D59F6BD140
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\Public\Documents\aswOfferTool.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):888600
                                                                                                                                                              Entropy (8bit):6.799400661071435
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                              MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                              SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                              SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                              SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                              • Filename: SecuriteInfo.com.Trojan.Siggen29.7508.16428.4641.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: _.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: _.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: _.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: _.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                              • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4144936
                                                                                                                                                              Entropy (8bit):6.480296620316725
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:E1eHuVwaMIqgsX4NhynLNQ+ZV48cQv9L6fx0vSYtpDKbrqNhabsFbFfcur:ElwYsXFLNQ+rfvRAmvSzrqNphkur
                                                                                                                                                              MD5:BEE7971B485CF885A4BC51C315A00DD0
                                                                                                                                                              SHA1:AD9F990A93CC1FFA6B3D8B3C508D9137F8B6AA4E
                                                                                                                                                              SHA-256:DD596A70EEA3818AB6E57417CF2F3DE0071C8C90C0878BC9534D11C56D663D7C
                                                                                                                                                              SHA-512:111367848B2B4CDFCA653F7D3153FE8E23157EAB01672A51529AD538ADE5ED6F8C50B1DAEA73C6E040EF4F4A67065ACACFA81BFB0E2EFD40D53E01655A6625A0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):22801704
                                                                                                                                                              Entropy (8bit):6.535582973837928
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:393216:ip8cDBY6GY78yJ+ikqRrGck6ekFvJuJ4+56vJIRuepyFcQuIA04vClrQkpA1:ip8cRhQiHRGp08J
                                                                                                                                                              MD5:78DB0C4E222BC7F7DDA8E2C251D709B3
                                                                                                                                                              SHA1:F73BFF935EF7F0245BA9A23E079CF7E627321BC1
                                                                                                                                                              SHA-256:7C5EE1ADCD2D7B8C26753FDB45D184EC275A9006689E13007BC5FCD805EC14FA
                                                                                                                                                              SHA-512:3611437CA6310199CAF9CFE71FE54CB5BF3F729765ED8EBB3B49BCEE980AAE07BECE3F8AE184AD6CAEE249E6E3AB10999B6739122C67B2AF462F8C54C36BC0E2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3845976
                                                                                                                                                              Entropy (8bit):6.446087740263079
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:VEsTJTCzvGnE3It0FCBkgqYCAdYbkLJumyyAFxub4KAgtMtetn+b0yTcN0FSVeSf:bJOzv1CxiWJJyjsfM
                                                                                                                                                              MD5:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                              SHA1:7DF6EF7D71AB0D0D1D5CE94008A2BA3A67B5E81C
                                                                                                                                                              SHA-256:A381A247A938DC8884CEFA508438D9292B6C8C88A157BA801B44BB5A09A5390E
                                                                                                                                                              SHA-512:BDB90E9CB42BCB784695A7891762460BFD09913F2D819896F455F85B05DA91FDFC21F73AA020D0C0FFC817334D448F7B8A13D7F276BCAC52E551FD1C2FD090A7
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):5974312
                                                                                                                                                              Entropy (8bit):6.5089634796762645
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:98304:h4UK+0gSE5JsDIUG1hH5jDU1oz1ffhu0mkVunrAWG:h4UKDDcHpDIoz1ffhu0mkVunrD
                                                                                                                                                              MD5:5EB7F2A77F38CC890E1C673DD56FC398
                                                                                                                                                              SHA1:DB04D0804F3AF875481EB1587E402673B81D3702
                                                                                                                                                              SHA-256:C21A7EFF706500F52DECF9E3E56B32D745117E0E3915A993FE09F42759933583
                                                                                                                                                              SHA-512:C3F118CC6E4725883A490CADC01D6EE127F61F7120D24723FB0BE10E5E6BDA532431948EE9EA25C2F9F49DB90774766055610FEF609A1CA5FC73638322E8BA57
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3490088
                                                                                                                                                              Entropy (8bit):6.471350218694381
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:hUibSM+WrqZSA6y1MlO0WWu6osCXHtX49IAsrtPtxlCtTJ+T1cTyyaJJtd1gqm3:h3CW10IWXp4+Mx
                                                                                                                                                              MD5:4FBA79C03BE659487FA0828C4AA48A90
                                                                                                                                                              SHA1:AE0D8BBE50195CAE68265124081C5326AF069323
                                                                                                                                                              SHA-256:9E64033FD4E5D44D766BB5ADF415CF9D1A5372E350E042BCE324147FABD7D9E3
                                                                                                                                                              SHA-512:CC489DF290E704D340B6C429719A4BDDAB5FA8B0287E45931F9AF990FD127F350D3A20B94B5C804A3BE5140EDAB5FD8311B4B31856C831C02B69DFFCADB9A46B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4144936
                                                                                                                                                              Entropy (8bit):6.480296620316725
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:E1eHuVwaMIqgsX4NhynLNQ+ZV48cQv9L6fx0vSYtpDKbrqNhabsFbFfcur:ElwYsXFLNQ+rfvRAmvSzrqNphkur
                                                                                                                                                              MD5:BEE7971B485CF885A4BC51C315A00DD0
                                                                                                                                                              SHA1:AD9F990A93CC1FFA6B3D8B3C508D9137F8B6AA4E
                                                                                                                                                              SHA-256:DD596A70EEA3818AB6E57417CF2F3DE0071C8C90C0878BC9534D11C56D663D7C
                                                                                                                                                              SHA-512:111367848B2B4CDFCA653F7D3153FE8E23157EAB01672A51529AD538ADE5ED6F8C50B1DAEA73C6E040EF4F4A67065ACACFA81BFB0E2EFD40D53E01655A6625A0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3490088
                                                                                                                                                              Entropy (8bit):6.471350218694381
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:hUibSM+WrqZSA6y1MlO0WWu6osCXHtX49IAsrtPtxlCtTJ+T1cTyyaJJtd1gqm3:h3CW10IWXp4+Mx
                                                                                                                                                              MD5:4FBA79C03BE659487FA0828C4AA48A90
                                                                                                                                                              SHA1:AE0D8BBE50195CAE68265124081C5326AF069323
                                                                                                                                                              SHA-256:9E64033FD4E5D44D766BB5ADF415CF9D1A5372E350E042BCE324147FABD7D9E3
                                                                                                                                                              SHA-512:CC489DF290E704D340B6C429719A4BDDAB5FA8B0287E45931F9AF990FD127F350D3A20B94B5C804A3BE5140EDAB5FD8311B4B31856C831C02B69DFFCADB9A46B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4144936
                                                                                                                                                              Entropy (8bit):6.480296620316725
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:E1eHuVwaMIqgsX4NhynLNQ+ZV48cQv9L6fx0vSYtpDKbrqNhabsFbFfcur:ElwYsXFLNQ+rfvRAmvSzrqNphkur
                                                                                                                                                              MD5:BEE7971B485CF885A4BC51C315A00DD0
                                                                                                                                                              SHA1:AD9F990A93CC1FFA6B3D8B3C508D9137F8B6AA4E
                                                                                                                                                              SHA-256:DD596A70EEA3818AB6E57417CF2F3DE0071C8C90C0878BC9534D11C56D663D7C
                                                                                                                                                              SHA-512:111367848B2B4CDFCA653F7D3153FE8E23157EAB01672A51529AD538ADE5ED6F8C50B1DAEA73C6E040EF4F4A67065ACACFA81BFB0E2EFD40D53E01655A6625A0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2494808
                                                                                                                                                              Entropy (8bit):6.788672549451929
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:DAtUV5fTAGE9Q2rCyA2AvAfAAEV1rnFTZT0krlGW+VH:8PGE9Q2rCKAo7ELxTZT0krgh
                                                                                                                                                              MD5:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                              SHA1:1E34C4DF9E5C1EAE0B7697C475695BB39AD7D44E
                                                                                                                                                              SHA-256:2D0B6848C0CD944FDE5365667C2180D5B2A9EC60EB01E9F2E38B39027B49FE80
                                                                                                                                                              SHA-512:7B86081D9D6B36EE93BEEF8DB222D699D227BC426C3345AAE20EB037B3EADB8FA9552C4B058038AFCA07D6989550F57C3C85728A43B9E9ECC22BD4D59F6BD140
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):5974312
                                                                                                                                                              Entropy (8bit):6.5089634796762645
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:98304:h4UK+0gSE5JsDIUG1hH5jDU1oz1ffhu0mkVunrAWG:h4UKDDcHpDIoz1ffhu0mkVunrD
                                                                                                                                                              MD5:5EB7F2A77F38CC890E1C673DD56FC398
                                                                                                                                                              SHA1:DB04D0804F3AF875481EB1587E402673B81D3702
                                                                                                                                                              SHA-256:C21A7EFF706500F52DECF9E3E56B32D745117E0E3915A993FE09F42759933583
                                                                                                                                                              SHA-512:C3F118CC6E4725883A490CADC01D6EE127F61F7120D24723FB0BE10E5E6BDA532431948EE9EA25C2F9F49DB90774766055610FEF609A1CA5FC73638322E8BA57
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2494808
                                                                                                                                                              Entropy (8bit):6.788672549451929
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:DAtUV5fTAGE9Q2rCyA2AvAfAAEV1rnFTZT0krlGW+VH:8PGE9Q2rCKAo7ELxTZT0krgh
                                                                                                                                                              MD5:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                              SHA1:1E34C4DF9E5C1EAE0B7697C475695BB39AD7D44E
                                                                                                                                                              SHA-256:2D0B6848C0CD944FDE5365667C2180D5B2A9EC60EB01E9F2E38B39027B49FE80
                                                                                                                                                              SHA-512:7B86081D9D6B36EE93BEEF8DB222D699D227BC426C3345AAE20EB037B3EADB8FA9552C4B058038AFCA07D6989550F57C3C85728A43B9E9ECC22BD4D59F6BD140
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3845976
                                                                                                                                                              Entropy (8bit):6.446087740263079
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:VEsTJTCzvGnE3It0FCBkgqYCAdYbkLJumyyAFxub4KAgtMtetn+b0yTcN0FSVeSf:bJOzv1CxiWJJyjsfM
                                                                                                                                                              MD5:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                              SHA1:7DF6EF7D71AB0D0D1D5CE94008A2BA3A67B5E81C
                                                                                                                                                              SHA-256:A381A247A938DC8884CEFA508438D9292B6C8C88A157BA801B44BB5A09A5390E
                                                                                                                                                              SHA-512:BDB90E9CB42BCB784695A7891762460BFD09913F2D819896F455F85B05DA91FDFC21F73AA020D0C0FFC817334D448F7B8A13D7F276BCAC52E551FD1C2FD090A7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20776
                                                                                                                                                              Entropy (8bit):6.666276726657009
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:9xaZ9QOb3KiVm+U28iAmIYiWop1/wfT3ir2WSx7bLu2:9YZ99bhU28iSYic3iPmbL
                                                                                                                                                              MD5:E604C448F9DAAD033021B419CF03C534
                                                                                                                                                              SHA1:B4918BA6D91A5F3338425DF2AEB71467C64E1EAD
                                                                                                                                                              SHA-256:C318DF6F10D3041293015097F2E868AE5D0FB0FD32EBCBD4B512BC660DDA4B88
                                                                                                                                                              SHA-512:4276A4EC8F3F94062A268A8EF17ED1E0AC30441553044E9205C23344EECA45BA28851BBA48867AAAD3354BEE285C6C81A3DE1595E5D025BAC3692DA3D1A97EA8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):22801704
                                                                                                                                                              Entropy (8bit):6.535582973837928
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:393216:ip8cDBY6GY78yJ+ikqRrGck6ekFvJuJ4+56vJIRuepyFcQuIA04vClrQkpA1:ip8cRhQiHRGp08J
                                                                                                                                                              MD5:78DB0C4E222BC7F7DDA8E2C251D709B3
                                                                                                                                                              SHA1:F73BFF935EF7F0245BA9A23E079CF7E627321BC1
                                                                                                                                                              SHA-256:7C5EE1ADCD2D7B8C26753FDB45D184EC275A9006689E13007BC5FCD805EC14FA
                                                                                                                                                              SHA-512:3611437CA6310199CAF9CFE71FE54CB5BF3F729765ED8EBB3B49BCEE980AAE07BECE3F8AE184AD6CAEE249E6E3AB10999B6739122C67B2AF462F8C54C36BC0E2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):888600
                                                                                                                                                              Entropy (8bit):6.799400661071435
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                              MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                              SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                              SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                              SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):22801704
                                                                                                                                                              Entropy (8bit):6.535582973837928
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:393216:ip8cDBY6GY78yJ+ikqRrGck6ekFvJuJ4+56vJIRuepyFcQuIA04vClrQkpA1:ip8cRhQiHRGp08J
                                                                                                                                                              MD5:78DB0C4E222BC7F7DDA8E2C251D709B3
                                                                                                                                                              SHA1:F73BFF935EF7F0245BA9A23E079CF7E627321BC1
                                                                                                                                                              SHA-256:7C5EE1ADCD2D7B8C26753FDB45D184EC275A9006689E13007BC5FCD805EC14FA
                                                                                                                                                              SHA-512:3611437CA6310199CAF9CFE71FE54CB5BF3F729765ED8EBB3B49BCEE980AAE07BECE3F8AE184AD6CAEE249E6E3AB10999B6739122C67B2AF462F8C54C36BC0E2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3845976
                                                                                                                                                              Entropy (8bit):6.446087740263079
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:VEsTJTCzvGnE3It0FCBkgqYCAdYbkLJumyyAFxub4KAgtMtetn+b0yTcN0FSVeSf:bJOzv1CxiWJJyjsfM
                                                                                                                                                              MD5:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                              SHA1:7DF6EF7D71AB0D0D1D5CE94008A2BA3A67B5E81C
                                                                                                                                                              SHA-256:A381A247A938DC8884CEFA508438D9292B6C8C88A157BA801B44BB5A09A5390E
                                                                                                                                                              SHA-512:BDB90E9CB42BCB784695A7891762460BFD09913F2D819896F455F85B05DA91FDFC21F73AA020D0C0FFC817334D448F7B8A13D7F276BCAC52E551FD1C2FD090A7
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20776
                                                                                                                                                              Entropy (8bit):6.666276726657009
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:9xaZ9QOb3KiVm+U28iAmIYiWop1/wfT3ir2WSx7bLu2:9YZ99bhU28iSYic3iPmbL
                                                                                                                                                              MD5:E604C448F9DAAD033021B419CF03C534
                                                                                                                                                              SHA1:B4918BA6D91A5F3338425DF2AEB71467C64E1EAD
                                                                                                                                                              SHA-256:C318DF6F10D3041293015097F2E868AE5D0FB0FD32EBCBD4B512BC660DDA4B88
                                                                                                                                                              SHA-512:4276A4EC8F3F94062A268A8EF17ED1E0AC30441553044E9205C23344EECA45BA28851BBA48867AAAD3354BEE285C6C81A3DE1595E5D025BAC3692DA3D1A97EA8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):336
                                                                                                                                                              Entropy (8bit):3.2523664094525224
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:QoEJi2YA4mloiI9iIZiAD2JdiAD2/2iGb0iboiaYoiapJ62iT:Qo1wZ/yabFbcxqX
                                                                                                                                                              MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                                                                              SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                                                                              SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                                                                              SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.v.b.u.g.r.e.p.o.r.t._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.8.6._.a.i.s.=.6.....i.n.s.t.c.o.n.t._.x.6.4._.a.i.s.=.6.....i.n.s.t.u.p._.x.6.4._.a.i.s.=.6.....o.f.f.e.r.t.o.o.l._.x.6.4._.a.i.s.=.6.....s.b.r._.x.6.4._.a.i.s.=.6.....s.e.t.g.u.i._.x.6.4._.a.i.s.=.6.....
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):336
                                                                                                                                                              Entropy (8bit):3.2523664094525224
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:QoEJi2YA4mloiI9iIZiAD2JdiAD2/2iGb0iboiaYoiapJ62iT:Qo1wZ/yabFbcxqX
                                                                                                                                                              MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                                                                              SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                                                                              SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                                                                              SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.v.b.u.g.r.e.p.o.r.t._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.8.6._.a.i.s.=.6.....i.n.s.t.c.o.n.t._.x.6.4._.a.i.s.=.6.....i.n.s.t.u.p._.x.6.4._.a.i.s.=.6.....o.f.f.e.r.t.o.o.l._.x.6.4._.a.i.s.=.6.....s.b.r._.x.6.4._.a.i.s.=.6.....s.e.t.g.u.i._.x.6.4._.a.i.s.=.6.....
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1458), with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1847
                                                                                                                                                              Entropy (8bit):5.017769822956601
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:TXfpQlDNaCN6NFBnC5B8wqRfaSIqG9ZgQwqUTK4IxTO:rfpPVDdeK9aSauQ8KPTO
                                                                                                                                                              MD5:E71A0EE4EEDB83ACCF1CACA1FD81EAC1
                                                                                                                                                              SHA1:F79B29539493F68D63E7533A8E68D496770B7005
                                                                                                                                                              SHA-256:51E0E1404973C9DCBB6DFDC58E21EAB9BD6B1DCD024610FECF00DD694AC3A6AD
                                                                                                                                                              SHA-512:2AF4492BBF5549F2A55DCCE62F51FD9A76F33699ED06CC3937FA80F975DE02483FAE347EB4A586590DF5AAC80D7613242BC5F895190EA3DA2FB38418FA2D6449
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:...[Shepherd]..ABTests=19fa92d7-cec3-489b-9f86-f88a9780902e:A,2a38b33e-2944-40ef-a1df-c417feb3f742:B,49afa038-20e4-4cff-b058-f7c69b5a850d:A,AV-32666-v1-fake:a,Indruch_SS_4Thursdays_fake:c,av-32836-v2-fake:b,av-39646-v2-fake:a,ipmb-12910-v1:d,oa-7466-v0:a..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_email-signatures_opswatenabled_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_not-avast-one_version-18.6-and-higher_icarus-migration-free-release_production_webshield.quic.block---fraction-test-setup_quic-sni-block-release-stage-2_quic-read-mode-release_quic-on_emailscanner-ignored-processes_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_version-20.9-and-higher_pups-
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
                                                                                                                                                              File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):38307
                                                                                                                                                              Entropy (8bit):5.843515127753345
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:Ws1bebXj3i3d7rEUzbsY4xJchipyIqo1IzJtTE6vPPTB5vN:J1SbbAdHXwdIzJt46vPPTt
                                                                                                                                                              MD5:83F850D4BC8429853D624673B5F812A4
                                                                                                                                                              SHA1:4F39AA68B646B734BE4FB117E6F152B7D8F0A38A
                                                                                                                                                              SHA-256:46C62C8D8DF7CAC24E9669E694C91ACF89D300105194BA25D10628A10CAB6D00
                                                                                                                                                              SHA-512:DC65C4DF8AE475DBD5526210004DFEC4DB728A705FE4533AF5BBAA5BF274390DB9A0F46A8A483A7DC533FC33E991D05F55018CBAEC5293DBE48D5A7CC975114E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[Offers.SecureBrowser]..ShowInIntro=1..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_cmp_webrep=3..ais_cmp_webrep_ie=3..ais_cmp_webrep_x64=
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
                                                                                                                                                              File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):38307
                                                                                                                                                              Entropy (8bit):5.843515127753345
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:Ws1bebXj3i3d7rEUzbsY4xJchipyIqo1IzJtTE6vPPTB5vN:J1SbbAdHXwdIzJt46vPPTt
                                                                                                                                                              MD5:83F850D4BC8429853D624673B5F812A4
                                                                                                                                                              SHA1:4F39AA68B646B734BE4FB117E6F152B7D8F0A38A
                                                                                                                                                              SHA-256:46C62C8D8DF7CAC24E9669E694C91ACF89D300105194BA25D10628A10CAB6D00
                                                                                                                                                              SHA-512:DC65C4DF8AE475DBD5526210004DFEC4DB728A705FE4533AF5BBAA5BF274390DB9A0F46A8A483A7DC533FC33E991D05F55018CBAEC5293DBE48D5A7CC975114E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[Offers.SecureBrowser]..ShowInIntro=1..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_cmp_webrep=3..ais_cmp_webrep_ie=3..ais_cmp_webrep_x64=
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (628), with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):904
                                                                                                                                                              Entropy (8bit):5.167031182040394
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:O1FPAENaG0R/qvFPzaw5uF3McqevQ/lTKFIw0q+O:+F7NaKFOBFp3I/lTKb0BO
                                                                                                                                                              MD5:8FD3EBBA01CE4232AFE331011A69212C
                                                                                                                                                              SHA1:FD7C4064861E6B5682852B2847B9FF955FF586E1
                                                                                                                                                              SHA-256:510029BE08EDF021F9A8F874AF0CC01EA4B92C41F058D21A967448CA381716B1
                                                                                                                                                              SHA-512:9CD2A7C19872C32ECDDA9861D4DA9B4BBC3EE358CD60D707667EB5772EEDFEE1C0AA553FBC909A76FC3CC132AFB6DA7B64A4F9966836EE15CD07BE4F0B0899AB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:...[Shepherd]..ABTests=49afa038-20e4-4cff-b058-f7c69b5a850d:A,Indruch_SS_4Thursdays_fake:c,av-32836-v2-fake:b,av-39646-v2-fake:a,oa-7466-v0:a..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_not-avast-one_version-18.6-and-higher_production_product-version-older-than-24.4_quic-sni-block-release-stage-2_v2017_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_ispublicrelease_versions-older-than-24.6_usa_ipm_6513_open_ui_a_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-4c4a63b919031e41a77f869d146f58178162fd95f1c605a8a4a1afbb8080a241..ConfigVersion=5198..LastUpdate=1731813251..NextUpdate=1731913209..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):34405
                                                                                                                                                              Entropy (8bit):5.8528116128108385
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:/CWZbXc3ihM2Pxrr14xJchipVIqovIzJtTE6vPPTxttr:5bM8NX5IzJt46vPPTl
                                                                                                                                                              MD5:62D53C1D7EAEEFEB212F641FD16781E3
                                                                                                                                                              SHA1:5C1A039AF70DB494FF7024841C08182FCFDA95BE
                                                                                                                                                              SHA-256:480E8E2B0F296B0E37EC1568B6F9AC5BC58E4A0CD1D96FF3AB34057898383F09
                                                                                                                                                              SHA-512:190A51BB52C38305E8135E778BBCC4D079A3D920D9492E3CBC53DB29868FFD78F5D7DFBD9261AC3CE0DADC60D2AA486456C68EC0F186AFF9C5E49A3C6AD98F6B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFil
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):34405
                                                                                                                                                              Entropy (8bit):5.8528116128108385
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:/CWZbXc3ihM2Pxrr14xJchipVIqovIzJtTE6vPPTxttr:5bM8NX5IzJt46vPPTl
                                                                                                                                                              MD5:62D53C1D7EAEEFEB212F641FD16781E3
                                                                                                                                                              SHA1:5C1A039AF70DB494FF7024841C08182FCFDA95BE
                                                                                                                                                              SHA-256:480E8E2B0F296B0E37EC1568B6F9AC5BC58E4A0CD1D96FF3AB34057898383F09
                                                                                                                                                              SHA-512:190A51BB52C38305E8135E778BBCC4D079A3D920D9492E3CBC53DB29868FFD78F5D7DFBD9261AC3CE0DADC60D2AA486456C68EC0F186AFF9C5E49A3C6AD98F6B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFil
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):5974312
                                                                                                                                                              Entropy (8bit):6.5089634796762645
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:98304:h4UK+0gSE5JsDIUG1hH5jDU1oz1ffhu0mkVunrAWG:h4UKDDcHpDIoz1ffhu0mkVunrD
                                                                                                                                                              MD5:5EB7F2A77F38CC890E1C673DD56FC398
                                                                                                                                                              SHA1:DB04D0804F3AF875481EB1587E402673B81D3702
                                                                                                                                                              SHA-256:C21A7EFF706500F52DECF9E3E56B32D745117E0E3915A993FE09F42759933583
                                                                                                                                                              SHA-512:C3F118CC6E4725883A490CADC01D6EE127F61F7120D24723FB0BE10E5E6BDA532431948EE9EA25C2F9F49DB90774766055610FEF609A1CA5FC73638322E8BA57
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3490088
                                                                                                                                                              Entropy (8bit):6.471350218694381
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:hUibSM+WrqZSA6y1MlO0WWu6osCXHtX49IAsrtPtxlCtTJ+T1cTyyaJJtd1gqm3:h3CW10IWXp4+Mx
                                                                                                                                                              MD5:4FBA79C03BE659487FA0828C4AA48A90
                                                                                                                                                              SHA1:AE0D8BBE50195CAE68265124081C5326AF069323
                                                                                                                                                              SHA-256:9E64033FD4E5D44D766BB5ADF415CF9D1A5372E350E042BCE324147FABD7D9E3
                                                                                                                                                              SHA-512:CC489DF290E704D340B6C429719A4BDDAB5FA8B0287E45931F9AF990FD127F350D3A20B94B5C804A3BE5140EDAB5FD8311B4B31856C831C02B69DFFCADB9A46B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3236136
                                                                                                                                                              Entropy (8bit):6.5945068024923765
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:PHWR+O4KLV0MYiXCVovWj6yto/MfEiXnzXKggtMt+tZDvmg1GzyyVS6+FfvemUu5:vFO4oV0MYjRj6N/MftXQfW
                                                                                                                                                              MD5:F93218B20EA901317D5635521C199DA6
                                                                                                                                                              SHA1:10DFAF2D6B6CAD110DB9FFEF48663B03FA34961C
                                                                                                                                                              SHA-256:07B44320DD89928FABC1721528A1D087F74B99F93440B5FEF64B9B17B32D05D5
                                                                                                                                                              SHA-512:F127F6E6F097C1E229B74CC2E4BBC23624E7387D66C2EC185459995760288247BF9F4AB321501939A8F3AD0C9818A203885E791483590733530F9A6DBCE6CF21
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):33874
                                                                                                                                                              Entropy (8bit):5.851533903468576
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:FCWZbXD3iIPXxwrrbxJchi7bqovIzJtTE6vPPOMtPT:7bbZ5ejIzJt46vPPO+
                                                                                                                                                              MD5:261DCF82F4B8D725C17967E33FCD3471
                                                                                                                                                              SHA1:3E09340A8BDE2848BB73FC9795A24BE9B3271ED3
                                                                                                                                                              SHA-256:E1B432AB609929F65E8606297A98B8BD326B705EBCEB6BC07935EEA7F3709C9B
                                                                                                                                                              SHA-512:25B02D5BB1D840CB5600CF707B980009A74C7BBAB53B58364490ADDD588442153D390C11B8A9E0ED6322E179C61FB307A7650B5245518340DF3F591746D06E4A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_bpc=0..ais_cmp_fw=2..ais_cmp_sfzone=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..AT
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11216
                                                                                                                                                              Entropy (8bit):7.983443291785675
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:TuqyI+wSkC2W/8a9T3ceFpomkeadIEDlN/cAdvwaZflktMzyJdiayuAzF5Qy0:HyRwSR2y8aVsUgNDvcKZZNnzCiaxcjb0
                                                                                                                                                              MD5:C2594670CF0C6BE4DBD3217516263884
                                                                                                                                                              SHA1:C87C2AC11C8F1DA65A417B77A3C2F7669D3C76F8
                                                                                                                                                              SHA-256:EFE97D5E86FA1FB31D2EB1D912EFDA6C0675354C918A108A2A5CB9FD1B049706
                                                                                                                                                              SHA-512:793128AC8A007A83A6D45B92C33FED4EADA6DD2BE0439683F00138A5094685E66106B149BF6726AAB51B4462C9AB0AE7ACB4D66B75DBBEC213668059F423A90C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (628), with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):904
                                                                                                                                                              Entropy (8bit):5.167031182040394
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:O1FPAENaG0R/qvFPzaw5uF3McqevQ/lTKFIw0q+O:+F7NaKFOBFp3I/lTKb0BO
                                                                                                                                                              MD5:8FD3EBBA01CE4232AFE331011A69212C
                                                                                                                                                              SHA1:FD7C4064861E6B5682852B2847B9FF955FF586E1
                                                                                                                                                              SHA-256:510029BE08EDF021F9A8F874AF0CC01EA4B92C41F058D21A967448CA381716B1
                                                                                                                                                              SHA-512:9CD2A7C19872C32ECDDA9861D4DA9B4BBC3EE358CD60D707667EB5772EEDFEE1C0AA553FBC909A76FC3CC132AFB6DA7B64A4F9966836EE15CD07BE4F0B0899AB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:...[Shepherd]..ABTests=49afa038-20e4-4cff-b058-f7c69b5a850d:A,Indruch_SS_4Thursdays_fake:c,av-32836-v2-fake:b,av-39646-v2-fake:a,oa-7466-v0:a..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_not-avast-one_version-18.6-and-higher_production_product-version-older-than-24.4_quic-sni-block-release-stage-2_v2017_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_ispublicrelease_versions-older-than-24.6_usa_ipm_6513_open_ui_a_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-4c4a63b919031e41a77f869d146f58178162fd95f1c605a8a4a1afbb8080a241..ConfigVersion=5198..LastUpdate=1731813251..NextUpdate=1731913209..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):21
                                                                                                                                                              Entropy (8bit):3.1368637096073178
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1HqCqsjn:55Tn
                                                                                                                                                              MD5:06112A52C5F2C27C04F4ABECC9CFA0F2
                                                                                                                                                              SHA1:787FF30FB75D2018EBF3D9232EBFD9134B80CB69
                                                                                                                                                              SHA-256:EA9DC97A05195E708728AF276DB0482436EC20F1F00A617CF43A86B025B48252
                                                                                                                                                              SHA-512:31B4807705A0965DB2A99731B124652EA8C8793D2AF3D0FFCB52B55612AF083A21FF1B0ABEEE84835976D91DFA556527F5619C22682A2228DD947E209634C467
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:mmm_ava_esg_000_361_m
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3845976
                                                                                                                                                              Entropy (8bit):6.446087740263079
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:VEsTJTCzvGnE3It0FCBkgqYCAdYbkLJumyyAFxub4KAgtMtetn+b0yTcN0FSVeSf:bJOzv1CxiWJJyjsfM
                                                                                                                                                              MD5:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                              SHA1:7DF6EF7D71AB0D0D1D5CE94008A2BA3A67B5E81C
                                                                                                                                                              SHA-256:A381A247A938DC8884CEFA508438D9292B6C8C88A157BA801B44BB5A09A5390E
                                                                                                                                                              SHA-512:BDB90E9CB42BCB784695A7891762460BFD09913F2D819896F455F85B05DA91FDFC21F73AA020D0C0FFC817334D448F7B8A13D7F276BCAC52E551FD1C2FD090A7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):22801704
                                                                                                                                                              Entropy (8bit):6.535582973837928
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:393216:ip8cDBY6GY78yJ+ikqRrGck6ekFvJuJ4+56vJIRuepyFcQuIA04vClrQkpA1:ip8cRhQiHRGp08J
                                                                                                                                                              MD5:78DB0C4E222BC7F7DDA8E2C251D709B3
                                                                                                                                                              SHA1:F73BFF935EF7F0245BA9A23E079CF7E627321BC1
                                                                                                                                                              SHA-256:7C5EE1ADCD2D7B8C26753FDB45D184EC275A9006689E13007BC5FCD805EC14FA
                                                                                                                                                              SHA-512:3611437CA6310199CAF9CFE71FE54CB5BF3F729765ED8EBB3B49BCEE980AAE07BECE3F8AE184AD6CAEE249E6E3AB10999B6739122C67B2AF462F8C54C36BC0E2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2494808
                                                                                                                                                              Entropy (8bit):6.788672549451929
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:DAtUV5fTAGE9Q2rCyA2AvAfAAEV1rnFTZT0krlGW+VH:8PGE9Q2rCKAo7ELxTZT0krgh
                                                                                                                                                              MD5:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                              SHA1:1E34C4DF9E5C1EAE0B7697C475695BB39AD7D44E
                                                                                                                                                              SHA-256:2D0B6848C0CD944FDE5365667C2180D5B2A9EC60EB01E9F2E38B39027B49FE80
                                                                                                                                                              SHA-512:7B86081D9D6B36EE93BEEF8DB222D699D227BC426C3345AAE20EB037B3EADB8FA9552C4B058038AFCA07D6989550F57C3C85728A43B9E9ECC22BD4D59F6BD140
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):703
                                                                                                                                                              Entropy (8bit):7.691740964523839
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:UIa/619gs29PQ8Gn1aBIpeuarWAbSuEa7I/kYCGHz5BaoYb0bM71n7Gwe3MUlp9H:UIaY6V9Y8E1a+pe/WAuuEtcYCQz56Ybl
                                                                                                                                                              MD5:73960E554642A52684E4FCC6FCD560ED
                                                                                                                                                              SHA1:ED47AAD96AF09D307FD13AE280C0DCACB853C523
                                                                                                                                                              SHA-256:038ED336E0323D6A0A413F3C9516C6D644305F42B572308707CE4D25D0ABFC3C
                                                                                                                                                              SHA-512:492ACB4E518129264E80369273975613378CD69BB179280FAE6A10CAC32ED2DD5633C6FF34276C2169829D7C9FB32629EE957E081076615C7B913A545EF0DCDA
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):212
                                                                                                                                                              Entropy (8bit):6.873399155053426
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Do/RlllUG1BkzrpUITb5KTQvrHnrQBkSsXqHE/h6PG/Xa/XfBXkcLn:Do/Rl87aIBvjn+kpXqHsh6PG/K3BXkSn
                                                                                                                                                              MD5:B52CD14455C3886559C5C647520868D5
                                                                                                                                                              SHA1:D4A13002B397146E2A9EC3E3F4DF5C7C2F3A4F2B
                                                                                                                                                              SHA-256:63282CF05C074D74BDC196B5F2939B5BB42BEA57D3CD5B95F065B00C3B4EE34B
                                                                                                                                                              SHA-512:FB0AF5B24134F71458C7710E920611183B73E3828DBEDD96133D35E04FC0B16FA940A95628039C0A1C6D797F6A82D5C10C98F0003BEC22D98F3DD1789E07BD77
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):75960
                                                                                                                                                              Entropy (8bit):7.997659035780696
                                                                                                                                                              Encrypted:true
                                                                                                                                                              SSDEEP:1536:T0wKUlO2Hl4Ib7dzgCTNKx7rD+tK2K0ncWIaC4CIiT4JxFC9G0kkpo:T0wKUFHhrAVrYK2KE1InzT4HFCuk+
                                                                                                                                                              MD5:88CD5DE2B6A173293E509018A7EB4DF5
                                                                                                                                                              SHA1:FC29BFF0046D3288956232DFA6160D943FB7B99D
                                                                                                                                                              SHA-256:5B2245639A15E5E8656DD8EA39B06FE8DE141408EBD9FCC1EE2D31A4F63680AB
                                                                                                                                                              SHA-512:15DA3EC5CF9B87FF66128D20F5D92E76CD732EA01AE300362530046BB10E83253D617F216E2386F2BC20A745EA922074CCC6BF891A9C2C7427B84A415CAEFDD5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4518
                                                                                                                                                              Entropy (8bit):7.964941149397295
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:jX/wN8yHKSBwmIAMxb6jXTAR5/nbj98rChHmFxqGNK3W5Xn:jIVKmDMYjDAbx8rChHgxq63
                                                                                                                                                              MD5:606B8A877BA5E352D4EA7C89EF88FA4B
                                                                                                                                                              SHA1:012955404A9B71402695F61630C8CDC109DAE4A8
                                                                                                                                                              SHA-256:4681470A64C3BBAD4065D7844937F64838E713185686E89D223BE2D4D07FA818
                                                                                                                                                              SHA-512:89D172C60546A9B1211742A719CE8379E9DC5F9C71B81C5FDAA66DF10607EA28946691D6AA61E109AD06FC85B0BAE02971E84A881AB7C9555E837FBD4A315C85
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):12069
                                                                                                                                                              Entropy (8bit):7.965434857786736
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:MEFc7mr40Yt5JEAJ/sFWmrpE8f3jgRCouRMmgUFp+tBhkVYFtWT4EzqnQKqrimPE:MTG4BLEKskmtVcRCuzUzU48QKanc
                                                                                                                                                              MD5:C17605BBE8ABCFFFA9CC153FAE929924
                                                                                                                                                              SHA1:D8B2E1EAEEDA4597BDCDE8908CD1ACD54B118894
                                                                                                                                                              SHA-256:74D50D1F3BC4AB2508261594688FE7FACD0D64D4A6E4511A451E7155C427F514
                                                                                                                                                              SHA-512:F7D5B20EEA5812BF1A00E7CE5CEF13B8DD20A784F11CDBC28C1CF8A92CFAE9BAB1FAED94A3ADB8DC09AF67DB7E200BEF2218314727F69515AF610A42E8F8F933
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):7561
                                                                                                                                                              Entropy (8bit):7.972849246514998
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:r8/p04pGOru5xqcStbIPhCG62lt2/3gKptS86vI1V:r8xPAZ55Ub0hXtgw3I1V
                                                                                                                                                              MD5:E0F82AB6785580B9296793B164028CC5
                                                                                                                                                              SHA1:BACFE36980D694587FCF4ECDE55398A7B08BBA66
                                                                                                                                                              SHA-256:72E18B271F2AE83116B2E91B5106AA8D644B31194F65D9628BA52425326F2A99
                                                                                                                                                              SHA-512:D8730B4D484D0FF353B94822822CC5E29E4EB0A0D0ADE7ADC798115F44243C5E7656F5BC40E3F204F5013D331E69CA9F9AF7E7F5A6306EE27382C4F9C7F519C4
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):573
                                                                                                                                                              Entropy (8bit):7.572324839935932
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:5dT2enBCweX1KL5DYT84X6L/5aWSYWBBYJTPlpwENgEV1qm/n:P6enY1acT8G6r3WTI/91xn
                                                                                                                                                              MD5:E41B3ECBC78F39C2F5FB4F1B89CBFEA3
                                                                                                                                                              SHA1:18141E367A3D7BBD6EBB455618026B9D86E25D2D
                                                                                                                                                              SHA-256:9C8C47FB72D287460EBDBFF813C468C12746C78C44201C044AF81B88B1E78C1E
                                                                                                                                                              SHA-512:59D7A8F6D27C594514390783CFF96E244006B05810E16C8506121234F935876CFE4C08C82213EA8192143938E4CFDFF78E5B95F016F70C7FC0B5C4B500BFDA11
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):340
                                                                                                                                                              Entropy (8bit):7.220252077684201
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:DulSVt/JqTbqeUD8G60Nao5ZNVt/rykywKzkQ5o5kJTFFU41dQFMJ7zQn:KlY/oGZDDtDyGU5PJ42QO0n
                                                                                                                                                              MD5:842F97E3B1D1693F3E3AFA70DEAF9F45
                                                                                                                                                              SHA1:1B0FFC38EEA352ACDE06C1CF2401E6382D60107E
                                                                                                                                                              SHA-256:BE9F38B57C380AF0A273B5D23C18830E44A5C6C263BF5C7A885B6F514F68E0CC
                                                                                                                                                              SHA-512:0001E61544ADC811397923432F2938EE118669FB48DA61D41EB815427692D67D056E3505FE46325A5B0B936C837E337C65400542F213394C895E71E87A1D6AC3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1552524
                                                                                                                                                              Entropy (8bit):4.904101553320832
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:3baHndUNyN2XLYuCN4MjWCN4Qj5qpwNvvH5Rw+YGvqNpn3DMSMd5i45eRpCvWIOA:uH+NQIw7DfD440tw
                                                                                                                                                              MD5:8EDCEC9108B7680E58835764EC5CBCBC
                                                                                                                                                              SHA1:D5DBD71DA6DB9687AF296C500A303552F3EDF8F6
                                                                                                                                                              SHA-256:4A9F6B64F10D6F0F1743D55F5AEB7EDC31EDA2143204FB860D6B8FA602FD8E35
                                                                                                                                                              SHA-512:64D32B34F6E5AD39D03D2D72EC583F0C187596104B2A783D6898302840B1EED6A261BA9399069E02A00E7CFB9AAD7936EC3F533BDDE7194941871CD93B43DDF3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="program" name="prg_ais">.. <selection-tree>.. <selection-tree name="ais_security" name_ids="23000" desc_ids="23001">.. <node name="ais_shl_fil" name_ids="20002" desc_ids="20003" />.. <node name="ais_shl_bhv" name_ids="20014" desc_ids="20015" />.. <node name="ais_cmp_avpap" name_ids="21062" desc_ids="21063" />.. <node name="ais_shl_rsw" name_ids="20022" desc_ids="20023" />.. <node name="ais_shl_web" name_ids="20008" desc_ids="20009" />.. <node name="ais_shl_mai" name_ids="20004" desc_ids="20005" />.. <node name="ais_shl_shp" name_ids="20016" desc_ids="20017" />.. <node name="ais_shl_exch" name_ids="20018" desc_ids="20019" />.. <node name="ais_cmp_rdp" name_ids="21064" desc_ids="21065" />.. <node name="ais_cmp_secdns" name_ids="21040" desc_ids=
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20776
                                                                                                                                                              Entropy (8bit):6.666276726657009
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:9xaZ9QOb3KiVm+U28iAmIYiWop1/wfT3ir2WSx7bLu2:9YZ99bhU28iSYic3iPmbL
                                                                                                                                                              MD5:E604C448F9DAAD033021B419CF03C534
                                                                                                                                                              SHA1:B4918BA6D91A5F3338425DF2AEB71467C64E1EAD
                                                                                                                                                              SHA-256:C318DF6F10D3041293015097F2E868AE5D0FB0FD32EBCBD4B512BC660DDA4B88
                                                                                                                                                              SHA-512:4276A4EC8F3F94062A268A8EF17ED1E0AC30441553044E9205C23344EECA45BA28851BBA48867AAAD3354BEE285C6C81A3DE1595E5D025BAC3692DA3D1A97EA8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:Generic INItialization configuration [server0]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):30252
                                                                                                                                                              Entropy (8bit):5.133877165802441
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1w:Z9otwD4X63hwryPIBWrMYhOv+n8Z4+
                                                                                                                                                              MD5:1A6A9E445C5945718C7D7BCF44BFD42D
                                                                                                                                                              SHA1:1655A71593D59BEF42D28301466660DF57D530BB
                                                                                                                                                              SHA-256:C6C5D745F99444A7BA784471C9F939C6FDFEFD5A0D22CDE44677E5D2D62F12EB
                                                                                                                                                              SHA-512:746E4C9934102AEF1B751CD37CBCA1C4ABCEFEBF65E0D53896B618F398123B46DB60F1E8F1D0C09388344C58D8709D0F9519CDEF5BD68A53F07999B2B0859E3B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:Generic INItialization configuration [server0]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):30252
                                                                                                                                                              Entropy (8bit):5.133877165802441
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1w:Z9otwD4X63hwryPIBWrMYhOv+n8Z4+
                                                                                                                                                              MD5:1A6A9E445C5945718C7D7BCF44BFD42D
                                                                                                                                                              SHA1:1655A71593D59BEF42D28301466660DF57D530BB
                                                                                                                                                              SHA-256:C6C5D745F99444A7BA784471C9F939C6FDFEFD5A0D22CDE44677E5D2D62F12EB
                                                                                                                                                              SHA-512:746E4C9934102AEF1B751CD37CBCA1C4ABCEFEBF65E0D53896B618F398123B46DB60F1E8F1D0C09388344C58D8709D0F9519CDEF5BD68A53F07999B2B0859E3B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2452
                                                                                                                                                              Entropy (8bit):7.906075181939953
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:m31oBEs2XRm52nx5ivt4+qThjoZoGhjDh9yiHPkjOaNRoLQk380t29Nn:ao/ORmknx5Mt4+Go6G1V9f6OQ+QP8en
                                                                                                                                                              MD5:CCC9E37F531D8D3E748AA960765F95F8
                                                                                                                                                              SHA1:3BBA7616812451E4581EA83AE89FF2873A8FF998
                                                                                                                                                              SHA-256:FCB2089787060130F53E59923D46E59EFFEE53E1230ADB370FED3DBAE11A2853
                                                                                                                                                              SHA-512:806F350723F1CB7D0E3745563E5FCF56B169BD28CE11C0CBF6DD58C36485BC0CFFFB6B7B14AA1483B9A728B7442E8317421AC54D3E9D6F6FDE5ED92B4F41240B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4144936
                                                                                                                                                              Entropy (8bit):6.480296620316725
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:E1eHuVwaMIqgsX4NhynLNQ+ZV48cQv9L6fx0vSYtpDKbrqNhabsFbFfcur:ElwYsXFLNQ+rfvRAmvSzrqNphkur
                                                                                                                                                              MD5:BEE7971B485CF885A4BC51C315A00DD0
                                                                                                                                                              SHA1:AD9F990A93CC1FFA6B3D8B3C508D9137F8B6AA4E
                                                                                                                                                              SHA-256:DD596A70EEA3818AB6E57417CF2F3DE0071C8C90C0878BC9534D11C56D663D7C
                                                                                                                                                              SHA-512:111367848B2B4CDFCA653F7D3153FE8E23157EAB01672A51529AD538ADE5ED6F8C50B1DAEA73C6E040EF4F4A67065ACACFA81BFB0E2EFD40D53E01655A6625A0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):39811
                                                                                                                                                              Entropy (8bit):4.746027384480954
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:KovwuKcl3cOngF7XR2Sm/Pf1M9IlOPachnRnw0pFiRAnMeimqXO:WpB
                                                                                                                                                              MD5:09F4A482ABAEC287A396EB53B5BC7790
                                                                                                                                                              SHA1:09B574D3056ED6CED6646ED11B85CE76712CDB4A
                                                                                                                                                              SHA-256:BB5630D32DF32B939232606E8EC97B8BC64378D316378DF72AC95DC965A0F7B2
                                                                                                                                                              SHA-512:4A831F0E54F38FFBACBBC5B869324AEAFABB61B7F6EDBEB49EE9C16C5129557868F931FCD11C27BE6BF632A619575197EE555662AEF9318DE1C76FF3AB6F4F12
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="setup" name="setup_ais" />.. </part-list>.. </product>.. </product-defs>.. <part-defs>.. <part name="setup_ais" category="fixed" type="setup" versioning="xml/24.11">.. <group-list>.. <group name="instcont_ais" />.. <group name="instup_ais" />.. <group name="setgui_ais" />.. <group name="offertool_ais" />.. <group name="avbugreport_ais" />.. <group name="avdump_x86_ais" />.. <group name="sbr_x86_ais" />.... <group name="instcont_x64_ais" />.. <group name="instup_x64_ais" />.. <group name="setgui_x64_ais" />.. <group name="offertool_x64_ais" />.. <group name="avbugreport_x64_ais" />.. <group name="avdump_x64_ais" />.. <group name="sbr_x64_ais" />.... <group name="instcont_arm64_ais" />.. <group name="instup_arm64_ais" />.. <group name="setgui_arm64_ais" />.
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16135
                                                                                                                                                              Entropy (8bit):7.988705156102118
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:FZM8knxkVrZZDxYpBKzJxU2gZ8UmQc5XzP07PUkTp24XWt:F+xk5ZccI26mQyM7NTpHXK
                                                                                                                                                              MD5:896C675DF96DCFAF815466663336590C
                                                                                                                                                              SHA1:11506C0CE24AB315795DEBDFA1B24E96CB48D51E
                                                                                                                                                              SHA-256:1E5F5D0A634CDADAD2090ECE7C29D347361D86AECA170FB2681A5830E6C61BE3
                                                                                                                                                              SHA-512:7FE71ACD6DE86F5DA561FEB7E2B915C3BBC34F158D0CBDC1A0B147E5FD93FAB3F415DF5E0EB70459DBB3EB671DD096BA17B55E350E82E25FA07E9ABE01331037
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):30504
                                                                                                                                                              Entropy (8bit):6.827833547100702
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:t5eK0CBFdun8lDZgqsQrn3zrlYi33iPmbL:MIu8ovQr3zrl7n7
                                                                                                                                                              MD5:F5039F803B5B1014548700D812C70FF0
                                                                                                                                                              SHA1:BD973D1213F276E22F96A18D818E2172EA3614DB
                                                                                                                                                              SHA-256:52E2EADCE4D82BB9409FCA35B4B0CC789B8E434D4CEAD3547FD060A95BA746F3
                                                                                                                                                              SHA-512:980A2B48E539B583F9FA5CBCEBB91DBF0AE3F9BE669F8A7E59CB4CD116C500393ABC2AEA6BBB75A2659F1B0FA33D813E98E5A8FBCCF5C83E5A428497E99E03D8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):17178
                                                                                                                                                              Entropy (8bit):7.988375155111137
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:VMqDY6BE6ZD6RYfWpQ8E6aR//YhUv2PBVJisi1Nk+UNxOUmhegtHEtOwfURWbbty:2rUE6ZGRiEahYh9cs9fxOrutOTOiT3Jh
                                                                                                                                                              MD5:30B104733551F0AA0B62B4A123C85BEA
                                                                                                                                                              SHA1:398D273E2BB9CED48B259C26A59EC5BD0236591E
                                                                                                                                                              SHA-256:6DF20B657D4190179A367106777DA6114BDEC8F65FF29E109C89F206DCF4F50D
                                                                                                                                                              SHA-512:A00BADF5991BF7431EBD14E2D9DCCD75DA11315838AC01B8D4ECFFB2CBD39777EDBCB5D3A9F85C98FE6DA84CDE0A25E07BE73BA11C962BDC4842991DD3E993BF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11213
                                                                                                                                                              Entropy (8bit):7.98622732524891
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:YTEovd3j8Abp8F9hTzlUsfVWpUhtIkYGvkLfRrxP5e80gllbd9nr/73mxg+iFn+e:3qlTbyF9hTzlYpU3bvifRlPjlbd9rji0
                                                                                                                                                              MD5:1D5D0D993661A2D03CC6DCBB3365898C
                                                                                                                                                              SHA1:B3484B65EA54BD0DEF9F6B1AEFF8FF8583F0173E
                                                                                                                                                              SHA-256:F6E81AA56F2F3381D0063F1F7048D3E6858F1E44535831488116550358478753
                                                                                                                                                              SHA-512:CA23485D4E0418D04FAE757DB55041656F54DE0B7FE87A2D89E2291E4E17A7257521E98E9613F63BD10A642E76847D3F47F2D2434085483B4C88004C03A601DE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):55892
                                                                                                                                                              Entropy (8bit):5.023999829313249
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:pvuCUuAU7soerqmZTyCK1gSgEPNi84iyo0vvqNz4Zx1ll9puY7j3E/3zOPz91KMb:pvuCUuAUQJRQ9U3NFhfCRMS3ulhqBkv
                                                                                                                                                              MD5:90CF995E37F9D3F9B93AD34577EA4BD3
                                                                                                                                                              SHA1:68C2FE60180E39A6B7694017D3F4AF491905D8D1
                                                                                                                                                              SHA-256:D4B7D56879EDD8ED36F187F432CD32E452E84873E6E1D051FA85D09ABC9E4B0E
                                                                                                                                                              SHA-512:5B95A7FEAFE7AFBBB2F641042249EEC57C1431AC5C536B411518D65E8A939C2AABCE48AE57CE7270A7CEAE248D546CAA535BDB3BA82FF89B451E2CC58F1F03D9
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:<products>.. <product-defs>.. <product name="vps">.. <part-list>.. <part name="vps_windows" type="vps">.... <expand-symbol-alias>.. <src>%VPSPATH%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR32%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR64%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <condition>.. <or-list>.. <file-exists path="%SETUPPATH%\Vps64Reboot.txt" />.. <and-list>.. <or-list>.. <is-operation name="install" />.. <is-operation name="updateProgram" /
                                                                                                                                                              Process:C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11083976
                                                                                                                                                              Entropy (8bit):7.9238198360798435
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:196608:iYtmRLiobGa7D7ZIqRaq1CewvhK5Pkz/h5TI+Wmg29iPu6nP13gjK:XtmRv7DNPwB5KFM/v0Z2wPb93
                                                                                                                                                              MD5:5602827611566F03E75534E544049184
                                                                                                                                                              SHA1:D8835C1CE4657B740B31CBFE3EE1C44778B1C4EB
                                                                                                                                                              SHA-256:EF505C532585DADB5DBE7CF70859CB8217B5167A2BAF965A2BAA28065E33E497
                                                                                                                                                              SHA-512:B6548F3742D6059209DC38972E3DBB64DC1139881983585FEA6DB968BFBFF68D30DD00219CE8603C1102EEDAC8089315C08575FB73E20CA3C30169FEF42EE1FA
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):21
                                                                                                                                                              Entropy (8bit):3.1368637096073178
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:1HqCqsjn:55Tn
                                                                                                                                                              MD5:06112A52C5F2C27C04F4ABECC9CFA0F2
                                                                                                                                                              SHA1:787FF30FB75D2018EBF3D9232EBFD9134B80CB69
                                                                                                                                                              SHA-256:EA9DC97A05195E708728AF276DB0482436EC20F1F00A617CF43A86B025B48252
                                                                                                                                                              SHA-512:31B4807705A0965DB2A99731B124652EA8C8793D2AF3D0FFCB52B55612AF083A21FF1B0ABEEE84835976D91DFA556527F5619C22682A2228DD947E209634C467
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:mmm_ava_esg_000_361_m
                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Entropy (8bit):6.39112388440849
                                                                                                                                                              TrID:
                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                              File name:avast_free_antivirus_setup_online.exe
                                                                                                                                                              File size:263'520 bytes
                                                                                                                                                              MD5:3df8662a0a6e5d44dda952b703ca3415
                                                                                                                                                              SHA1:53e291164837412630395b77d21ddc0b9045b522
                                                                                                                                                              SHA256:15d337b503e75aadc343cfef9801ebdc16e6b255a404119ebd56c1e48e0e0179
                                                                                                                                                              SHA512:f64ad9d73c8e60df41f4afec070640ab241b390235a0bddc9efe8d910fc04b95e75ceeda7ddb0a7d7f10209ecfab80c0a07e2f1571f20c612c43b0c832eea15a
                                                                                                                                                              SSDEEP:3072:p2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhhOn+TZ:p0KgGwHqwOOELha+sm2D2+UhngufE
                                                                                                                                                              TLSH:FA4427116D908062E1B61A30E5BCBA715A6D7FF00B7088DF53B07E2E3F751D2A635B62
                                                                                                                                                              Icon Hash:8e133369490d074c
                                                                                                                                                              Entrypoint:0x401020
                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                              Digitally signed:true
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                              Time Stamp:0x64366D75 [Wed Apr 12 08:36:05 2023 UTC]
                                                                                                                                                              TLS Callbacks:
                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                              OS Version Major:5
                                                                                                                                                              OS Version Minor:1
                                                                                                                                                              File Version Major:5
                                                                                                                                                              File Version Minor:1
                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                              Subsystem Version Minor:1
                                                                                                                                                              Import Hash:79b68a12e4eb6aa0c59dd1289006924f
                                                                                                                                                              Signature Valid:true
                                                                                                                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                                              Error Number:0
                                                                                                                                                              Not Before, Not After
                                                                                                                                                              • 16/01/2023 00:00:00 15/01/2026 23:59:59
                                                                                                                                                              Subject Chain
                                                                                                                                                              • CN=Avast Software s.r.o., O=Avast Software s.r.o., L=Praha, C=CZ
                                                                                                                                                              Version:3
                                                                                                                                                              Thumbprint MD5:88F0356B1045C86B3BE429E369E41C0B
                                                                                                                                                              Thumbprint SHA-1:22C7A21648690E1B610F1E964AFB3044EAE24335
                                                                                                                                                              Thumbprint SHA-256:8C5E3683E3D73A2E9C9452FC91757931A5333EAE9670BAF00874D3C8D6D6A52A
                                                                                                                                                              Serial:015A6BEC4D7F549FE525C852DF670E13
                                                                                                                                                              Instruction
                                                                                                                                                              push esi
                                                                                                                                                              push 00000000h
                                                                                                                                                              push 00000000h
                                                                                                                                                              push 00000001h
                                                                                                                                                              push 00000000h
                                                                                                                                                              call dword ptr [004230F4h]
                                                                                                                                                              push 0042359Ch
                                                                                                                                                              call dword ptr [00423104h]
                                                                                                                                                              test eax, eax
                                                                                                                                                              je 00007F6368DA7FE7h
                                                                                                                                                              push 004235B8h
                                                                                                                                                              push eax
                                                                                                                                                              call dword ptr [00423248h]
                                                                                                                                                              mov esi, eax
                                                                                                                                                              test esi, esi
                                                                                                                                                              je 00007F6368DA7FD5h
                                                                                                                                                              push 00000800h
                                                                                                                                                              mov ecx, esi
                                                                                                                                                              call dword ptr [004232ECh]
                                                                                                                                                              call esi
                                                                                                                                                              test eax, eax
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [C++] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bfd4 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x31000 | 0xf3b8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3dc48 | 0x2918 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x41000 | 0x1cb8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2a570 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2a5e0 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x24d60 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x2ec | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2bd54 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x216ca | 0x21800 | f3aa9bfe0e0173b2d8dbf69e0f7b5c30 | False | 0.5465980643656716 | data | 6.552507871447298 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x23000 | 0xa060 | 0xa200 | f1313dbc7d48a2854099a510bfc2275f | False | 0.4890528549382716 | data | 5.400803596600892 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2e000 | 0x15c0 | 0xa00 | e676ce13014a1fea1d94c6052cb98545 | False | 0.20546875 | data | 2.7943028087818473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x30000 | 0x4c | 0x200 | f2ff10bf470db291929511a1884e701b | False | 0.111328125 | data | 0.6949183674939895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x31000 | 0xf3b8 | 0xf400 | bdd37c967eb60adeae817513e51fa529 | False | 0.35335553278688525 | data | 4.9633021970710365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x41000 | 0x1cb8 | 0x1e00 | b242d5c80ab78d037235c071e32e80d5 | False | 0.7776041666666667 | data | 6.568397975609428 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x31798 | 0x5d9 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.9926519706078825
PNG | 0x31d78 | 0x6e2 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.8671963677639046
RT_ICON | 0x32460 | 0x2140 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9937734962406015
RT_ICON | 0x345a0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.12659423712801135
RT_ICON | 0x387c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.19387966804979254
RT_ICON | 0x3ad70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2319418386491557
RT_ICON | 0x3be18 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.41400709219858156
RT_STRING | 0x3c280 | 0x74 | Matlab v4 mat-file (little endian) v, numeric, rows 0, columns 0 | English | United States | 0.5086206896551724
RT_STRING | 0x3c2f8 | 0x160 | data | English | United States | 0.4914772727272727
RT_STRING | 0x3c458 | 0x48 | data | English | United States | 0.6388888888888888
RT_STRING | 0x3c4a0 | 0x2b6 | data | English | United States | 0.18011527377521613
RT_STRING | 0x3c758 | 0x4a | data | English | United States | 0.6486486486486487
RT_STRING | 0x3c7a8 | 0x50 | data | French | France | 0.65
RT_STRING | 0x3c7f8 | 0x4a | data | Portuguese | Brazil | 0.6486486486486487
RT_STRING | 0x3c848 | 0x4a | data | Russian | Russia | 0.6486486486486487
RT_STRING | 0x3c898 | 0x4a | data |  |  | 0.6486486486486487
RT_STRING | 0x3c8e8 | 0x48 | data | English | United States | 0.6388888888888888
RT_STRING | 0x3c930 | 0x48 | data | French | France | 0.6388888888888888
RT_STRING | 0x3c978 | 0x48 | data | Portuguese | Brazil | 0.6388888888888888
RT_STRING | 0x3c9c0 | 0x48 | data | Russian | Russia | 0.6388888888888888
RT_STRING | 0x3ca08 | 0x48 | data |  |  | 0.6388888888888888
RT_STRING | 0x3ca50 | 0x82 | data | English | United States | 0.6230769230769231
RT_STRING | 0x3cad8 | 0x64 | data | French | France | 0.61
RT_STRING | 0x3cb40 | 0x5e | data | Portuguese | Brazil | 0.5851063829787234
RT_STRING | 0x3cba0 | 0x5e | data | Russian | Russia | 0.5851063829787234
RT_STRING | 0x3cc00 | 0x5e | data |  |  | 0.5851063829787234
RT_STRING | 0x3cc60 | 0xa4 | data | English | United States | 0.4817073170731707
RT_STRING | 0x3cd08 | 0x5c | data | French | France | 0.5543478260869565
RT_STRING | 0x3cd68 | 0x5c | data | Portuguese | Brazil | 0.5543478260869565
RT_STRING | 0x3cdc8 | 0x5c | data | Russian | Russia | 0.5543478260869565
RT_STRING | 0x3ce28 | 0x5c | data |  |  | 0.5543478260869565
RT_STRING | 0x3ce88 | 0xc0 | data | English | United States | 0.5833333333333334
RT_STRING | 0x3cf48 | 0x50 | data | French | France | 0.6625
RT_STRING | 0x3cf98 | 0x4a | data | Portuguese | Brazil | 0.6486486486486487
RT_STRING | 0x3cfe8 | 0x4a | data | Russian | Russia | 0.6486486486486487
RT_STRING | 0x3d038 | 0x4a | data |  |  | 0.6486486486486487
RT_STRING | 0x3d088 | 0x160 | data | English | United States | 0.32670454545454547
RT_STRING | 0x3d1e8 | 0x5c | data | French | France | 0.5543478260869565
RT_STRING | 0x3d248 | 0x5c | data | Portuguese | Brazil | 0.5543478260869565
RT_STRING | 0x3d2a8 | 0x5c | data | Russian | Russia | 0.5543478260869565
RT_STRING | 0x3d308 | 0x5c | data |  |  | 0.5543478260869565
RT_STRING | 0x3d368 | 0x756 | data | English | United States | 0.3141640042598509
RT_STRING | 0x3dac0 | 0x930 | data | French | France | 0.31079931972789115
RT_STRING | 0x3e3f0 | 0x7ea | data | Portuguese | Brazil | 0.31638696939782823
RT_STRING | 0x3ebe0 | 0x7ec | data | Russian | Russia | 0.34911242603550297
RT_STRING | 0x3f3d0 | 0x84e | data |  |  | 0.3156161806208843
RT_RCDATA | 0x3fc20 | 0x15 | ASCII text, with no line terminators | English | United States | 1.380952380952381
RT_GROUP_ICON | 0x3fc38 | 0x4c | data | English | United States | 0.7894736842105263
RT_VERSION | 0x3fc88 | 0x2f8 | data | English | United States | 0.4723684210526316
RT_MANIFEST | 0x3ff80 | 0x437 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1019), with CRLF line terminators | English | United States | 0.5041705282669138
DLL | Import
KERNEL32.dll | SetLastError, Sleep, GetFileSizeEx, WriteFile, SetEndOfFile, SetFilePointerEx, LocalFree, CloseHandle, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, EnumResourceNamesW, GetWindowsDirectoryW, CreateDirectoryW, CreateFileW, CreateThread, GetSystemTimeAsFileTime, GetNativeSystemInfo, lstrcatA, lstrlenA, GetVersionExA, GetCurrentProcess, GetExitCodeProcess, ResumeThread, ReleaseMutex, WaitForSingleObject, CreateMutexW, CreateProcessW, GetPrivateProfileIntW, GetPrivateProfileStringW, GetDiskFreeSpaceExW, CopyFileW, MoveFileExW, CreateHardLinkW, HeapAlloc, GetProcessHeap, HeapSetInformation, ExitProcess, IsProcessorFeaturePresent, lstrcpyW, GetModuleHandleW, GetSystemDirectoryW, SetDllDirectoryW, InterlockedExchange, LockResource, WriteConsoleW, FlushFileBuffers, GetConsoleMode, GetConsoleCP, SetStdHandle, LCMapStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, IsValidCodePage, FindNextFileW, FindFirstFileExW, GetLastError, HeapFree, InterlockedExchangeAdd, GetVersionExW, FindResourceW, LoadLibraryW, SizeofResource, LoadResource, GlobalFree, GlobalUnlock, GlobalLock, FindClose, GetFileType, GetStringTypeW, GlobalAlloc, FreeLibrary, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, LoadLibraryA, DecodePointer, GetVersion, HeapDestroy, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, DeviceIoControl, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, MultiByteToWideChar, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, TerminateProcess, OutputDebugStringW, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetCommandLineA, GetCommandLineW, GetStdHandle, GetModuleFileNameW, GetModuleHandleExW, GetACP, GetProcAddress
USER32.dll | GetMessageW, TranslateMessage, DispatchMessageW, SendMessageW, AllowSetForegroundWindow, PostMessageW, wsprintfA, LoadStringW, MessageBoxExW, wsprintfW, SystemParametersInfoW, IsDialogMessageW, LoadImageW, DestroyIcon, FindWindowW, FillRect, GetWindowRect, InvalidateRect, EndPaint, BeginPaint, ReleaseDC, GetDC, SetForegroundWindow, GetSystemMetrics, KillTimer, SetTimer, SetFocus, SetWindowPos, DestroyWindow, CreateWindowExW, RegisterClassExW, PostQuitMessage, DefWindowProcW
GDI32.dll | GetTextExtentPoint32W, GetObjectW, CreateDIBSection, SelectObject, CreateFontIndirectW, DeleteObject, CreateSolidBrush, CreatePatternBrush
ADVAPI32.dll | CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGenRandom, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextA, GetSidSubAuthorityCount, GetSidSubAuthority, IsValidSid, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorA
ole32.dll | CoCreateInstance, CreateStreamOnHGlobal, CoUninitialize, CoInitializeEx
COMCTL32.dll |
Language of compilation system | Country where language is spoken | Map
English | United States |
French | France |
Portuguese | Brazil |
Russian | Russia |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-17T04:14:07.110517+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49738 | 34.117.223.223 | 443 | TCP
2024-11-17T04:14:07.112649+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49739 | 34.117.223.223 | 443 | TCP
2024-11-17T04:14:08.504165+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49740 | 34.117.223.223 | 443 | TCP
2024-11-17T04:14:09.603836+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 34.117.223.223 | 443 | TCP
2024-11-17T04:14:10.440554+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49746 | 34.160.176.28 | 443 | TCP
2024-11-17T04:14:10.934995+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49747 | 34.117.223.223 | 443 | TCP
2024-11-17T04:14:41.239088+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49766 | 34.160.176.28 | 443 | TCP
2024-11-17T04:14:46.231070+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49768 | 34.117.223.223 | 443 | TCP
2024-11-17T04:14:47.440050+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49776 | 34.111.24.1 | 443 | TCP
2024-11-17T04:14:48.396659+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49782 | 34.117.223.223 | 443 | TCP
2024-11-17T04:15:45.357453+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 50039 | 34.117.223.223 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                              Nov 17, 2024 04:14:06.485892057 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:06.485980988 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:06.486085892 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:06.487787962 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:06.487868071 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:06.495392084 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:06.495477915 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:06.495589018 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:06.495960951 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:06.496042013 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.110436916 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.110517025 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.112571955 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.112648964 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.114032984 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.114047050 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.114526033 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.116853952 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.116906881 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.117337942 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.162365913 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.162450075 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.544352055 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.544356108 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.544384956 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.544394016 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.544449091 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.544486046 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.704732895 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.705889940 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.706351042 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.706825972 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.706964970 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.707129002 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.707743883 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.707786083 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.707815886 CET49738443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.707832098 CET4434973834.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.708513021 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.708513021 CET49739443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.708579063 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.708615065 CET4434973934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.897716999 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.897803068 CET4434974034.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:07.897886992 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.898305893 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:07.898386002 CET4434974034.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:08.504060030 CET4434974034.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:08.504164934 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.505836964 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.505891085 CET4434974034.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:08.506479979 CET4434974034.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:08.507741928 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.507788897 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.507807016 CET4434974034.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:08.663515091 CET4434974034.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:08.663784027 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.663784027 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.664011002 CET4434974034.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:08.664047956 CET4434974034.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:08.664226055 CET49740443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.988069057 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.988106012 CET4434974334.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:08.988229036 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.988565922 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:08.988576889 CET4434974334.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:09.603672028 CET4434974334.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:09.603836060 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:09.604741096 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:09.604749918 CET4434974334.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:09.605262041 CET4434974334.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:09.605972052 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:09.605972052 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:09.605990887 CET4434974334.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:09.767616034 CET4434974334.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:09.769030094 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:09.769097090 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:09.769629955 CET4434974334.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:09.769738913 CET4434974334.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:09.770535946 CET49743443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:09.818770885 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:09.818802118 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:09.819139957 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:09.820930004 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:09.820952892 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.327455044 CET49747443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:10.327552080 CET4434974734.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.328839064 CET49747443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:10.328964949 CET49747443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:10.328996897 CET4434974734.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.440445900 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.440553904 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.448904037 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.448956966 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.449517012 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.490631104 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.518563986 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.518692017 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.518949032 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.709796906 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.709875107 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.709933043 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.709984064 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.710074902 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.710123062 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.710166931 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.710306883 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.710359097 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.710366011 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.710469007 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.710515976 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.710522890 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.756104946 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.756122112 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.802959919 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.826601982 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.826843023 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.826894045 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.826911926 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.827023983 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.827083111 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:10.827090979 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.827183008 CET4434974634.160.176.28192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:10.827235937 CET49746443192.168.2.434.160.176.28
                                                                                                                                                              Nov 17, 2024 04:14:47.618433952 CET49776443192.168.2.434.111.24.1
                                                                                                                                                              Nov 17, 2024 04:14:47.734751940 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.734818935 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.734848022 CET49776443192.168.2.434.111.24.1
                                                                                                                                                              Nov 17, 2024 04:14:47.734880924 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.734899044 CET49776443192.168.2.434.111.24.1
                                                                                                                                                              Nov 17, 2024 04:14:47.734905958 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.734935045 CET49776443192.168.2.434.111.24.1
                                                                                                                                                              Nov 17, 2024 04:14:47.734941006 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.734951973 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.735006094 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.735115051 CET49776443192.168.2.434.111.24.1
                                                                                                                                                              Nov 17, 2024 04:14:47.735115051 CET49776443192.168.2.434.111.24.1
                                                                                                                                                              Nov 17, 2024 04:14:47.735146999 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.735729933 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.735785007 CET49776443192.168.2.434.111.24.1
                                                                                                                                                              Nov 17, 2024 04:14:47.735884905 CET49776443192.168.2.434.111.24.1
                                                                                                                                                              Nov 17, 2024 04:14:47.735914946 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.735953093 CET49776443192.168.2.434.111.24.1
                                                                                                                                                              Nov 17, 2024 04:14:47.735966921 CET4434977634.111.24.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.777918100 CET49782443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:47.778002024 CET4434978234.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.778081894 CET49782443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:47.778347015 CET49782443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:47.778377056 CET4434978234.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:48.396476984 CET4434978234.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:48.396658897 CET49782443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:48.397936106 CET49782443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:48.397944927 CET4434978234.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:48.398256063 CET4434978234.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:48.399060965 CET49782443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:14:48.399091959 CET4434978234.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:48.558491945 CET4434978234.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:48.559032917 CET49782443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:02.256402016 CET4973280192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:02.262192011 CET804973234.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:02.262269974 CET4973280192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:44.734533072 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:44.734611034 CET4435003934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:44.734700918 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:44.735012054 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:44.735040903 CET4435003934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:45.357283115 CET4435003934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:45.357453108 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:45.361260891 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:45.361294985 CET4435003934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:45.362219095 CET4435003934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:45.364470005 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:45.364864111 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:45.364876032 CET4435003934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:45.524822950 CET4435003934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:45.525932074 CET4435003934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:45.526007891 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:45.526089907 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:45.526129007 CET4435003934.117.223.223192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:15:45.526155949 CET50039443192.168.2.434.117.223.223
                                                                                                                                                              Nov 17, 2024 04:15:45.526170969 CET4435003934.117.223.223192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                              Nov 17, 2024 04:14:44.814428091 CET53587878.8.8.8192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:45.228877068 CET5878953192.168.2.48.8.8.8
                                                                                                                                                              Nov 17, 2024 04:14:45.229310036 CET6445453192.168.2.48.8.8.8
                                                                                                                                                              Nov 17, 2024 04:14:45.236013889 CET53587898.8.8.8192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:45.236296892 CET53644548.8.8.8192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:45.626169920 CET6445553192.168.2.41.1.1.1
                                                                                                                                                              Nov 17, 2024 04:14:45.633709908 CET53644551.1.1.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:46.807353020 CET5942953192.168.2.41.1.1.1
                                                                                                                                                              Nov 17, 2024 04:14:46.814318895 CET53594291.1.1.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:46.815325975 CET5465553192.168.2.41.1.1.1
                                                                                                                                                              Nov 17, 2024 04:14:46.822532892 CET53546551.1.1.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.762150049 CET5846853192.168.2.41.1.1.1
                                                                                                                                                              Nov 17, 2024 04:14:47.762722015 CET5414353192.168.2.41.1.1.1
                                                                                                                                                              Nov 17, 2024 04:14:47.769422054 CET53541431.1.1.1192.168.2.4
                                                                                                                                                              Nov 17, 2024 04:14:47.770483017 CET5755953192.168.2.41.1.1.1
                                                                                                                                                              Nov 17, 2024 04:14:47.771157026 CET5694753192.168.2.41.1.1.1
                                                                                                                                                              Nov 17, 2024 04:14:47.777199984 CET53575591.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                              Nov 17, 2024 04:14:47.777199984 CET1.1.1.1192.168.2.40xf150No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                              Nov 17, 2024 04:14:47.777199984 CET1.1.1.1192.168.2.40xf150No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                              Nov 17, 2024 04:14:47.778970003 CET1.1.1.1192.168.2.40xad37No error (0)ipmcdn.avast.comipmcdn.avast.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
• analytics.avcdn.net
• v7event.stats.avast.com
• shepherd.ff.avast.com
• ipm.avcdn.net
• analytics.ff.avast.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 34.117.223.223 | 80 | 1900 | C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe
Timestamp | Bytes transferred | Direction | Data
Nov 17, 2024 04:13:53.366672993 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 267
Host: v7event.stats.avast.com
Nov 17, 2024 04:13:53.366672993 CET | 267 | OUT | Data Ascii:
cookie=mmm_ava_esg_000_361_m
edition=1
event=microstub-start
midex=3F5C7CD44D1F6AC769934CADA267B4DFBBA24AD1C24B2C4C2F5DDFA142A63C66
stat_session=51b07815-7ab2-4cca-81ea-39f3770cce06
statsSendTime=1731813231
os=win,10,0,2,19045,0,AMD64
exe_vers
Nov 17, 2024 04:13:54.000298023 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:13:53 GMT
Via: 1.1 google
Nov 17, 2024 04:14:01.950566053 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 282
Host: v7event.stats.avast.com
Nov 17, 2024 04:14:01.950566053 CET | 282 | OUT | Data Ascii:
cookie=mmm_ava_esg_000_361_m
edition=1
event=microstub-download
midex=3F5C7CD44D1F6AC769934CADA267B4DFBBA24AD1C24B2C4C2F5DDFA142A63C66
stat_session=51b07815-7ab2-4cca-81ea-39f3770cce06
statsSendTime=1731813240
os=win,10,0,2,19045,0,AMD64
exe_v
Nov 17, 2024 04:14:02.105849981 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:14:02 GMT
Via: 1.1 google


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 34.117.223.223 | 443 | 2104 | C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:14:07 UTC | 175 | OUT | POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 604
Host: analytics.avcdn.net
2024-11-17 03:14:07 UTC | 604 | OUT | Data Ascii: {"record":[{"event":{"subtype":1,"time":1731817652927,"type":70},"identity":{"guid":"ad54635d-aa65-492b-8623-e9fd8fd3918b","hwid":"3F5C7CD44D1F6AC769934CADA267B4DFBBA24AD1C24B2C4C2F5DDFA142A63C66"},"installation":{"aiid":"mmm_ava_esg_000_361_m"},"instup":
2024-11-17 03:14:07 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 17 Nov 2024 03:14:07 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-11-17 03:14:07 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 34.117.223.223 | 443 | 2104 | C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:14:07 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: YhXdHLEFUeYCLzJZEiIHnQ==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 392
Host: v7event.stats.avast.com
2024-11-17 03:14:07 UTC | 392 | OUT | Data Ascii:
SfxCreated=1731813231
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=11083976
SfxVersion=24.11.9615.0
cookie=mmm_ava_esg_000_361_m
edition=1
event=stub
guid=ad54635d-aa65-492b-8623-e9fd8fd3918b
midex=3f5c7cd44d1f6ac769934cada267b4dfbba24ad1c24b
2024-11-17 03:14:07 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:14:07 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49740 | 34.117.223.223 | 443 | 2104 | C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:14:08 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: YhXdHLEFUeYCLzJZEiIHnQ==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 392
Host: v7event.stats.avast.com
2024-11-17 03:14:08 UTC | 392 | OUT | Data Ascii:
SfxCreated=1731813231
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=11083976
SfxVersion=24.11.9615.0
cookie=mmm_ava_esg_000_361_m
edition=1
event=stub
guid=ad54635d-aa65-492b-8623-e9fd8fd3918b
midex=3f5c7cd44d1f6ac769934cada267b4dfbba24ad1c24b
2024-11-17 03:14:08 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:14:08 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49743 | 34.117.223.223 | 443 | 2104 | C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:14:09 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: YhXdHLEFUeYCLzJZEiIHnQ==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 392
Host: v7event.stats.avast.com
2024-11-17 03:14:09 UTC | 392 | OUT | Data Ascii:
SfxCreated=1731813231
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=11083976
SfxVersion=24.11.9615.0
cookie=mmm_ava_esg_000_361_m
edition=1
event=stub
guid=ad54635d-aa65-492b-8623-e9fd8fd3918b
midex=3f5c7cd44d1f6ac769934cada267b4dfbba24ad1c24b
2024-11-17 03:14:09 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 17 Nov 2024 03:14:09 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                              4192.168.2.44974634.160.176.284435828C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                              2024-11-17 03:14:10 UTC171OUTPOST / HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                              Host: shepherd.ff.avast.com
                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                              Content-Length: 271
                                                                                                                                                              2024-11-17 03:14:10 UTC271OUTData Raw: 64 61 74 61 3d 43 41 41 51 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 77 38 59 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 77 38 67 25 32 46 25 32 46 25 32 46 25 32 46 25 32 46 77 38 71 46 57 31 74 62 56 39 68 64 6d 46 66 5a 58 4e 6e 58 7a 41 77 4d 46 38 7a 4e 6a 46 66 62 57 49 43 43 67 43 49 41 51 44 4b 41 79 52 68 5a 44 55 30 4e 6a 4d 31 5a 43 31 68 59 54 59 31 4c 54 51 35 4d 6d 49 74 4f 44 59 79 4d 79 31 6c 4f 57 5a 6b 4f 47 5a 6b 4d 7a 6b 78 4f 47 4c 79 41 77 51 34 4d 54 6b 78 67 67 6c 41 4d 30 59 31 51 7a 64 44 52 44 51 30 52 44 46 47 4e 6b 46 44 4e 7a 59 35 4f 54 4d 30 51 30 46 45 51 54 49 32 4e 30 49 30 52 45 5a 43 51 6b 45 79 4e 45 46 45 4d 55 4d 79 4e 45 49 79 51 7a 52 44 4d 6b 59 31 52 45 52 47 51 54 45 30 4d 6b 45 32 4d 30 4d 32 4e 74 6f 54
                                                                                                                                                              Data Ascii: data=CAAQ%2F%2F%2F%2F%2Fw8Y%2F%2F%2F%2F%2Fw8g%2F%2F%2F%2F%2Fw8qFW1tbV9hdmFfZXNnXzAwMF8zNjFfbWICCgCIAQDKAyRhZDU0NjM1ZC1hYTY1LTQ5MmItODYyMy1lOWZkOGZkMzkxOGLyAwQ4MTkxgglAM0Y1QzdDRDQ0RDFGNkFDNzY5OTM0Q0FEQTI2N0I0REZCQkEyNEFEMUMyNEIyQzRDMkY1RERGQTE0MkE2M0M2NtoT
2024-11-17 03:14:10 UTC | 1679 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Sun, 17 Nov 2024 03:14:10 GMT
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 34405
                                                                                                                                                              AB-Tests: 49afa038-20e4-4cff-b058-f7c69b5a850d:A,Indruch_SS_4Thursdays_fake:c,av-32836-v2-fake:b,av-39646-v2-fake:a,oa-7466-v0:a
                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                              Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                              Config-Id: 5
                                                                                                                                                              Config-Name: Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_not-avast-one_version-18.6-and-higher_production_product-version-older-than-24.4_quic-sni-block-release-stage-2_v2017_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_ispublicrelease_versions-older-than-24.6_usa_ipm_6513_open_ui_a_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-4c4a63b919031e41a77f869d146f58178162fd95f1c605a8a4a1afbb8080a241
                                                                                                                                                              Config-Version: 5198
                                                                                                                                                              Segments: websocket testing,ipm_6363_chrome_offer_setup_free,free,production new installs,not avast one,version 18.6 and higher,production,product version older than 24.4,quic sni block release stage 2,v2017,noomnianda1,phone support tile,avast 18 r7 and 18 r8,fs and idp integration,cef settings off,opening browser onboarding,old smartscan,ispublicrelease,versions older than 24.6,usa,ipm_6513_open_ui_a,test akamai,test pam no master password,v18.5 and higher,cleanup premium installation,release - iavs9x only,version 19.1 and older
                                                                                                                                                              TTL: 86400
                                                                                                                                                              TTL-Spread: 43200
                                                                                                                                                              Via: 1.1 google
                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                              Connection: close
2024-11-17 03:14:10 UTC | 1679 | IN | Data Ascii:
[RemoteAccessShield.Setting]
BruteForceMaxAttemptsPerDay=60
BruteForceMaxAttemptsPerHour=40
BruteForceMaxAttemptsPerMinute=30
BruteForceMaxAttemptsPerTenSeconds=12
[BreachGuard]
Enabled=0
[WebShield.WebSocket]
Enabled=1
[Settings.UserInterface]
2024-11-17 03:14:10 UTC | 1378 | IN | Data Ascii:
B92F-27FE-AF54-9278EA8BF910}]
SchedTime=1792800
SchedType=Monthly
SchedulerEnabled=1
[settings.GamingMode]
GameRule_AutoDetectNewApps_Enabled=1
GameRule_BlockDistractions_Enabled=1
GameRule_DisableAvNotifications_Enabled=1
GameRule_DisableDrawOver
2024-11-17 03:14:10 UTC | 1378 | IN | Data Ascii:
IMEOUT=1200
HTTP_PING_TIMEOUT=5000
MQTT_PUBLISH_RECV_DURATION=10000
NCC_CERT_0_SHA1=5496FC21E45F52BBC6DFFD6C3E5B03D9FB2D2CB1
NCC_CERT_0_VALID_FROM=2024-01-18 00:00:00
NCC_CERT_0_VALID_UNTIL=2025-01-17 23:59:59
NCC_CERT_1_SHA1=1C58A3A8518E8759BF075B7


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49747 | 34.117.223.223 | 443 | 2104 | C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:14:10 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: iavs4/stats
                                                                                                                                                              Content-MD5: YhXdHLEFUeYCLzJZEiIHnQ==
                                                                                                                                                              User-Agent: Avast SimpleHttp/3.0
                                                                                                                                                              Content-Length: 392
                                                                                                                                                              Host: v7event.stats.avast.com
2024-11-17 03:14:10 UTC | 392 | OUT | Data Ascii:
SfxCreated=1731813231
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=11083976
SfxVersion=24.11.9615.0
cookie=mmm_ava_esg_000_361_m
edition=1
event=stub
guid=ad54635d-aa65-492b-8623-e9fd8fd3918b
midex=3f5c7cd44d1f6ac769934cada267b4dfbba24ad1c24b
2024-11-17 03:14:11 UTC | 172 | IN | HTTP/1.1 204 No Content
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Sun, 17 Nov 2024 03:14:11 GMT
                                                                                                                                                              Via: 1.1 google
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49766 | 34.160.176.28 | 443 | 5448 | C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:14:41 UTC | 171 | OUT | POST / HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                              Host: shepherd.ff.avast.com
                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                              Content-Length: 223
2024-11-17 03:14:41 UTC | 223 | OUT
                                                                                                                                                              Data Ascii: data=CAAQGBgLIPkvKhVtbW1fYXZhX2VzZ18wMDBfMzYxX21iAgoAiAEAygMkYWQ1NDYzNWQtYWE2NS00OTJiLTg2MjMtZTlmZDhmZDM5MThi8gMEODE5MYIJQDNGNUM3Q0Q0NEQxRjZBQzc2OTkzNENBREEyNjdCNERGQkJBMjRBRDFDMjRCMkM0QzJGNURERkExNDJBNjNDNjbaEwZpYXZzOXg%3D
2024-11-17 03:14:42 UTC | 3452 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Sun, 17 Nov 2024 03:14:42 GMT
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 38307
                                                                                                                                                              AB-Tests: 19fa92d7-cec3-489b-9f86-f88a9780902e:A,2a38b33e-2944-40ef-a1df-c417feb3f742:B,49afa038-20e4-4cff-b058-f7c69b5a850d:A,AV-32666-v1-fake:a,Indruch_SS_4Thursdays_fake:c,av-32836-v2-fake:b,av-39646-v2-fake:a,ipmb-12910-v1:d,oa-7466-v0:a
                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                              Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                              Config-Id: 5
                                                                                                                                                              Config-Name: Avast-Windows-AV-Consumer_websocket-testing_email-signatures_opswatenabled_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_not-avast-one_version-18.6-and-higher_icarus-migration-free-release_production_webshield.quic.block---fraction-test-setup_quic-sni-block-release-stage-2_quic-read-mode-release_quic-on_emailscanner-ignored-processes_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_free-onboarding_avast-forrelease-24.4_noomnianda1_aosstorelink_enableddwm_enablehns3_phone-support-tile_avast-forrelease-24.11-blatnyonly_version-20.1-plus_fs-and-idp-integration_cef-91_v19.1-and-higher-on_opening-browser-onboarding_smartscan-free---antivirus---win [TRUNCATED]
                                                                                                                                                              Config-Version: 5198
                                                                                                                                                              Segments: websocket testing,email signatures,opswatenabled,ipm_6363_chrome_offer_setup_free,asb and chrome since 21.2,version 23.2 and higher not in fr de,free,production new installs,disabled aos sideloading,web purchase - autoactivation,webshield tls processes - release,v19.1 and higher free,ipm_4932_opm_pus_fullscale,not avast one,version 18.6 and higher,icarus migration free release,production,webshield.quic.block - fraction test setup,quic sni block release stage 2,quic read mode release,quic on,emailscanner ignored processes,previous version,ipm bau v23.1 and higher,version 20.5 and higher,useopenidwebauth,v2017,globalflags - streamproduction ,devicewatcheron,version 20.9 and higher,pups in avast rollout,winre bts,free onboarding,avast forrelease 24.4,noomnianda1,aosstorelink,enableddwm,enablehns3,phone support tile,avast forrelease 24.11 blatnyonly,version 20.1 plus,fs and idp integration,cef 91,v19.1 and higher on,opening browser onboarding,smartscan free - antivirus - win10,ispublicrelease,opm_burger [TRUNCATED]
                                                                                                                                                              TTL: 86400
                                                                                                                                                              TTL-Spread: 43200
                                                                                                                                                              Via: 1.1 google
                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                              Connection: close
2024-11-17 03:14:42 UTC | 1378 | IN | Data Ascii:
[RemoteAccessShield.Setting]
BruteForceMaxAttemptsPerDay=60
BruteForceMaxAttemptsPerHour=40
BruteForceMaxAttemptsPerMinute=30
BruteForceMaxAttemptsPerTenSeconds=12
[BreachGuard]
Enabled=0
[WebShield.WebSocket]
Enabled=1
[Settings.UserInterface]
2024-11-17 03:14:42 UTC | 1378 | IN | Data Ascii:
er.com,outlook.live.com,asana.com,prosperitybankusa.com,telefonica.de,ccleaner.com,piriform.com,avast.com,avg.com,facebook.com,booking.com,google.com,live.com,microsoft365.com
ATSkippedInjExt=-
ATSkippedObsExt=-
AvastInfoCartRequestUrls=https://checkou
2024-11-17 03:14:42 UTC  1378  IN  Data Ascii:
inmbadjfpblof
GCPAM=emhginjpijfggbofeediiojmdlmlkoik
GCSP=eofcbnmajmjmplflapaojjnihcjkigck
GCWTU=chfdnecihphmhljaaejmgoiahnihplgn
GCWTU3=lkmdocpbnblchppecickbipihlkehdfg
IEAOS=8E5E2654-AD2D-48bf-AC2D-D17F00898D06
IEPAM=0A4E4748-5FEC-4098-88FA-080F11


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
7  192.168.2.4  49768  34.117.223.223  443  5448  C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
Timestamp  Bytes transferred  Direction  Data
2024-11-17 03:14:46 UTC  175  OUT  POST /v4/receive/json/70 HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: application/json
                                                                                                                                                              User-Agent: Avast SimpleHttp/3.0
                                                                                                                                                              Content-Length: 493
                                                                                                                                                              Host: analytics.avcdn.net
2024-11-17 03:14:46 UTC  493  OUT  Data Ascii: {"record":[{"event":{"subtype":2,"time":1731817692102,"type":70},"identity":{"guid":"ad54635d-aa65-492b-8623-e9fd8fd3918b","hwid":"3F5C7CD44D1F6AC769934CADA267B4DFBBA24AD1C24B2C4C2F5DDFA142A63C66"},"installation":{"aiid":"mmm_ava_esg_000_361_m"},"instup":
2024-11-17 03:14:46 UTC  216  IN  HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Sun, 17 Nov 2024 03:14:46 GMT
                                                                                                                                                              Content-Type: application/json
                                                                                                                                                              Content-Length: 19
                                                                                                                                                              Via: 1.1 google
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Connection: close
2024-11-17 03:14:46 UTC  19  IN  Data Ascii: {"processed": true}


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
8  192.168.2.4  49769  34.117.223.223  443  5448  C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
Timestamp  Bytes transferred  Direction  Data
2024-11-17 03:14:46 UTC  202  OUT  POST /cgi-bin/iavsevents.cgi HTTP/1.1
                                                                                                                                                              Host: v7event.stats.avast.com
                                                                                                                                                              User-Agent: avast! Antivirus
                                                                                                                                                              Accept: */*
                                                                                                                                                              Content-MD5: eOuwjGGiC2SK1aJB+3s9vA==
                                                                                                                                                              Content-Type: iavs4/stats
                                                                                                                                                              Content-Length: 327
2024-11-17 03:14:46 UTC  327  OUT  Data Ascii:
InstupVersion=24.11.9615.0
cookie=mmm_ava_esg_000_361_m
edition=1
event=install_intro
guid=ad54635d-aa65-492b-8623-e9fd8fd3918b
midex=3f5c7cd44d1f6ac769934cada267b4dfbba24ad1c24b2c4c2f5ddfa142a63c66
operation=2
os=win,10,0,2,19045,0,AMD64
stat_session=51b
2024-11-17 03:14:46 UTC  172  IN  HTTP/1.1 204 No Content
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Sun, 17 Nov 2024 03:14:46 GMT
                                                                                                                                                              Via: 1.1 google
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
9  192.168.2.4  49776  34.111.24.1  443  5448  C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
Timestamp  Bytes transferred  Direction  Data
2024-11-17 03:14:47 UTC  597  OUT  GET /?action=1&p_elm=76&p_pro=0&p_osv=10.0&p_cpua=x64&p_lid=en-ch&repoid=iavs9x&p_lan=8192&p_lng=en&p_vep=24&p_ves=11&p_vbd=6137&p_cnm=305090&p_hid=ad54635d-aa65-492b-8623-e9fd8fd3918b&p_bld=mmm_ava_esg_000_361_m&p_adp=0000&p_midex=3F5C7CD44D1F6AC769934CADA267B4DFBBA24AD1C24B2C4C2F5DDFA142A63C66&p_chs=5&p_chr=2&p_gccc=2&p_scr=intro&p_sbi=0&p_ram=8191&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0 HTTP/1.1
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Accept: */*
                                                                                                                                                              User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
                                                                                                                                                              Host: ipm.avcdn.net
2024-11-17 03:14:47 UTC  1459  IN  HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Sun, 17 Nov 2024 03:14:47 GMT
                                                                                                                                                              Content-Type: text/html
                                                                                                                                                              Content-Length: 19780
                                                                                                                                                              IPM-Asset-URL--266817469: https://ipmcdn.avast.com/images/banner/img_secure-browser-v2.png
                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Expires: 0
                                                                                                                                                              Content-Identifier: fa/en-ww/setup-avast-offer_nitro-secure-browser_variant-a.html
                                                                                                                                                              ETag: W/d3fc5bfb
                                                                                                                                                              Set-Cookie: ViewCounter_ipm-10553-browser-offer-shared=1731813287; Max-Age=1728000; Expires=Sat, 07 Dec 2024 03:14:47 GMT; Secure; SameSite=None
                                                                                                                                                              Set-Cookie: ScreenName_76=fa/en-ww/setup-avast-offer_nitro-secure-browser_variant-a.html; Max-Age=3888000; Expires=Wed, 01 Jan 2025 03:14:47 GMT; Secure; SameSite=None
                                                                                                                                                              Set-Cookie: ClientId=4bf495e4-a38a-4042-99fd-45677270695d; Max-Age=63072000; Expires=Tue, 17 Nov 2026 03:14:47 GMT; Secure; SameSite=None
                                                                                                                                                              Set-Cookie: ViewCounter_ipm-10553-browser-offer-shared=1731813287; Max-Age=1728000; Expires=Sat, 07 Dec 2024 03:14:47 GMT; Secure; SameSite=None
                                                                                                                                                              Set-Cookie: ScreenName_76=fa/en-ww/setup-avast-offer_nitro-secure-browser_variant-a.html; Max-Age=3888000; Expires=Wed, 01 Jan 2025 03:14:47 GMT; Secure; SameSite=None
                                                                                                                                                              Set-Cookie: ClientId=4bf495e4-a38a-4042-99fd-45677270695d; Max-Age=63072000; Expires=Tue, 17 Nov 2026 03:14:47 GMT; Secure; SameSite=None
                                                                                                                                                              Via: 1.1 google
                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                              Connection: close
2024-11-17 03:14:47 UTC  1459  IN  Data Ascii:
<html dir="ltr" dpi="100">
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8">
    <style>
    * { margin: 0; padding: 0; }
html,
body {
  width: 100%;
  height: 220dip;
  font-family: Arial, sans-serif;
  overflow: hidde
2024-11-17 03:14:47 UTC  1459  IN  Data Ascii:
nt-size: 10dip !important;
}
.description-features li {
  line-height: 1.6;
}
.widget-wrapper {
  padding-bottom: 4dip;
}
widget[type="checkbox"] {
  display: block;
  margin-top: 5dip;
}
widget[type="checkbox"] ._widget-descr
2024-11-17 03:14:47 UTC  1459  IN  Data Ascii: 2%3A%2224.11.6137.mmm_ava_esg_000_361_m%22%2C%22build%22%3A6137%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%2
2024-11-17 03:14:47 UTC  1459  IN  Data Ascii:
     $1(.track2).src = "",
        $1(.track3).src = "https://analytics.ff.avast.com/v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A1%2C%22request_id%22%3A%228174facc-1313-47a5-96bf-d43ded1f331e%22%
                                                                                                                                                              2024-11-17 03:14:47 UTC1459INData Raw: 25 37 44 25 35 44 25 32 43 25 32 32 62 72 61 6e 64 25 32 32 25 33 41 25 32 32 41 76 61 73 74 25 32 32 25 32 43 25 32 32 70 6c 61 63 65 6d 65 6e 74 5f 74 79 70 65 25 32 32 25 33 41 25 32 32 73 65 74 75 70 25 32 32 25 32 43 25 32 32 6d 65 73 73 61 67 65 5f 6e 61 6d 65 25 32 32 25 33 41 25 32 32 73 65 74 75 70 2d 61 76 61 73 74 2d 6f 66 66 65 72 5f 6e 69 74 72 6f 2d 73 65 63 75 72 65 2d 62 72 6f 77 73 65 72 25 32 32 25 37 44 25 32 43 25 32 32 61 63 74 69 6f 6e 25 32 32 25 33 41 25 37 42 25 32 32 61 63 74 69 6f 6e 4e 61 6d 65 25 32 32 25 33 41 25 32 32 61 73 62 2d 69 6e 73 74 61 6c 6c 25 32 32 25 37 44 25 37 44 25 37 44 25 35 44 25 37 44 22 3b 20 20 0d 0a 7d 0d 0a 20 20 20 20 20 20 0d 0a 20 2f 2a 4e 6f 74 20 69 6e 73 74 61 6c 6c 20 62 72 6f 77 73 65 72 20 2a
                                                                                                                                                              Data Ascii: %7D%5D%2C%22brand%22%3A%22Avast%22%2C%22placement_type%22%3A%22setup%22%2C%22message_name%22%3A%22setup-avast-offer_nitro-secure-browser%22%7D%2C%22action%22%3A%7B%22actionName%22%3A%22asb-install%22%7D%7D%7D%5D%7D"; } /*Not install browser *
                                                                                                                                                              2024-11-17 03:14:47 UTC1459INData Raw: 25 32 32 25 32 43 25 32 32 63 75 73 74 6f 6d 65 72 5f 73 65 67 6d 65 6e 74 25 32 32 25 33 41 25 32 32 46 4e 25 32 32 25 32 43 25 32 32 66 6c 6f 77 5f 69 64 25 32 32 25 33 41 25 32 32 38 31 37 34 66 61 63 63 2d 31 33 31 33 2d 34 37 61 35 2d 39 36 62 66 2d 64 34 33 64 65 64 31 66 33 33 31 65 25 32 32 25 37 44 25 32 43 25 32 32 63 6f 6e 74 65 6e 74 25 32 32 25 33 41 25 37 42 25 32 32 63 6f 6e 74 65 6e 74 5f 69 64 65 6e 74 69 66 69 65 72 25 32 32 25 33 41 25 32 32 66 61 25 32 46 65 6e 2d 77 77 25 32 46 73 65 74 75 70 2d 61 76 61 73 74 2d 6f 66 66 65 72 5f 6e 69 74 72 6f 2d 73 65 63 75 72 65 2d 62 72 6f 77 73 65 72 5f 76 61 72 69 61 6e 74 2d 61 2e 68 74 6d 6c 25 32 32 25 32 43 25 32 32 63 6f 6e 74 65 6e 74 5f 74 79 70 65 25 32 32 25 33 41 25 32 32 53 43 52 45
                                                                                                                                                              Data Ascii: %22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%228174facc-1313-47a5-96bf-d43ded1f331e%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCRE
                                                                                                                                                              2024-11-17 03:14:47 UTC1459INData Raw: 46 41 31 34 32 41 36 33 43 36 36 25 32 32 25 37 44 25 32 43 25 32 32 70 72 6f 64 75 63 74 25 32 32 25 33 41 25 37 42 25 32 32 69 64 25 32 32 25 33 41 31 25 32 43 25 32 32 65 64 69 74 69 6f 6e 25 32 32 25 33 41 31 25 32 43 25 32 32 6c 61 6e 67 25 32 32 25 33 41 25 32 32 65 6e 2d 75 73 25 32 32 25 32 43 25 32 32 76 65 72 73 69 6f 6e 5f 61 70 70 25 32 32 25 33 41 25 32 32 32 34 2e 31 31 2e 36 31 33 37 2e 6d 6d 6d 5f 61 76 61 5f 65 73 67 5f 30 30 30 5f 33 36 31 5f 6d 25 32 32 25 32 43 25 32 32 62 75 69 6c 64 25 32 32 25 33 41 36 31 33 37 25 32 43 25 32 32 69 70 6d 5f 70 72 6f 64 75 63 74 25 32 32 25 33 41 30 25 37 44 25 32 43 25 32 32 70 6c 61 74 66 6f 72 6d 25 32 32 25 33 41 25 37 42 25 32 32 76 65 72 73 69 6f 6e 25 32 32 25 33 41 25 32 32 31 30 2e 30 25 32
                                                                                                                                                              Data Ascii: FA142A63C66%22%7D%2C%22product%22%3A%7B%22id%22%3A1%2C%22edition%22%3A1%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%2224.11.6137.mmm_ava_esg_000_361_m%22%2C%22build%22%3A6137%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%2
                                                                                                                                                              2024-11-17 03:14:47 UTC1459INData Raw: 20 61 73 73 69 67 6e 65 64 21 3a 20 53 65 6e 64 41 76 43 6f 6d 6d 61 6e 64 28 22 63 68 61 6e 67 65 5f 63 6f 6d 70 6f 6e 65 6e 74 3a 61 69 73 5f 63 6d 70 5f 73 65 63 75 72 65 62 72 6f 77 73 65 72 3a 31 3a 22 29 3b 0d 0a 20 20 09 61 63 74 69 76 65 2d 6f 6e 21 3a 0d 0a 20 20 20 20 20 20 20 20 24 31 28 2e 74 72 61 63 6b 31 29 2e 73 72 63 20 3d 20 22 22 2c 0d 0a 20 20 20 20 20 20 20 20 24 31 28 2e 74 72 61 63 6b 32 29 2e 73 72 63 20 3d 20 22 22 2c 0d 0a 20 20 20 20 20 20 20 20 24 31 28 2e 74 72 61 63 6b 33 29 2e 73 72 63 20 3d 20 22 68 74 74 70 73 3a 2f 2f 61 6e 61 6c 79 74 69 63 73 2e 66 66 2e 61 76 61 73 74 2e 63 6f 6d 2f 76 34 2f 72 65 63 65 69 76 65 2f 67 65 74 2f 6a 73 6f 6e 2f 31 30 3f 64 61 74 61 3d 25 37 42 25 32 32 72 65 63 6f 72 64 25 32 32 25 33 41
                                                                                                                                                              Data Ascii: assigned!: SendAvCommand("change_component:ais_cmp_securebrowser:1:"); active-on!: $1(.track1).src = "", $1(.track2).src = "", $1(.track3).src = "https://analytics.ff.avast.com/v4/receive/get/json/10?data=%7B%22record%22%3A
                                                                                                                                                              2024-11-17 03:14:47 UTC1459INData Raw: 6f 2d 73 65 63 75 72 65 2d 62 72 6f 77 73 65 72 5f 76 61 72 69 61 6e 74 2d 61 25 32 32 25 32 43 25 32 32 74 72 61 63 6b 69 6e 67 25 32 32 25 33 41 25 35 42 25 37 42 25 32 32 6b 65 79 25 32 32 25 33 41 25 32 32 4c 69 63 65 6e 73 65 42 75 73 69 6e 65 73 73 53 6f 75 72 63 65 25 32 32 25 32 43 25 32 32 76 61 6c 75 65 25 32 32 25 33 41 25 32 32 4e 6f 74 53 65 74 25 32 32 25 37 44 25 35 44 25 32 43 25 32 32 62 72 61 6e 64 25 32 32 25 33 41 25 32 32 41 76 61 73 74 25 32 32 25 32 43 25 32 32 70 6c 61 63 65 6d 65 6e 74 5f 74 79 70 65 25 32 32 25 33 41 25 32 32 73 65 74 75 70 25 32 32 25 32 43 25 32 32 6d 65 73 73 61 67 65 5f 6e 61 6d 65 25 32 32 25 33 41 25 32 32 73 65 74 75 70 2d 61 76 61 73 74 2d 6f 66 66 65 72 5f 6e 69 74 72 6f 2d 73 65 63 75 72 65 2d 62 72 6f
                                                                                                                                                              Data Ascii: o-secure-browser_variant-a%22%2C%22tracking%22%3A%5B%7B%22key%22%3A%22LicenseBusinessSource%22%2C%22value%22%3A%22NotSet%22%7D%5D%2C%22brand%22%3A%22Avast%22%2C%22placement_type%22%3A%22setup%22%2C%22message_name%22%3A%22setup-avast-offer_nitro-secure-bro
                                                                                                                                                              2024-11-17 03:14:47 UTC1459INData Raw: 6c 65 6d 65 6e 74 25 32 32 25 33 41 37 36 25 32 43 25 32 32 6c 69 63 65 6e 73 65 5f 74 79 70 65 25 32 32 25 33 41 25 32 32 53 54 41 4e 44 41 52 44 25 32 32 25 32 43 25 32 32 6c 69 63 65 6e 73 69 6e 67 5f 73 74 61 67 65 25 32 32 25 33 41 25 32 32 4c 49 43 45 4e 53 45 44 25 32 32 25 32 43 25 32 32 63 75 73 74 6f 6d 65 72 5f 73 65 67 6d 65 6e 74 25 32 32 25 33 41 25 32 32 46 4e 25 32 32 25 32 43 25 32 32 66 6c 6f 77 5f 69 64 25 32 32 25 33 41 25 32 32 38 31 37 34 66 61 63 63 2d 31 33 31 33 2d 34 37 61 35 2d 39 36 62 66 2d 64 34 33 64 65 64 31 66 33 33 31 65 25 32 32 25 37 44 25 32 43 25 32 32 63 6f 6e 74 65 6e 74 25 32 32 25 33 41 25 37 42 25 32 32 63 6f 6e 74 65 6e 74 5f 69 64 65 6e 74 69 66 69 65 72 25 32 32 25 33 41 25 32 32 66 61 25 32 46 65 6e 2d 77 77
                                                                                                                                                              Data Ascii: lement%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%228174facc-1313-47a5-96bf-d43ded1f331e%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22fa%2Fen-ww


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49782 | 34.117.223.223 | 443 | 5448 | C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:14:48 UTC | 1751 | OUT | GET /v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%228174facc-1313-47a5-96bf-d43ded1f331e%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%22ad54635d-aa65-492b-8623-e9fd8fd3918b%22%2C%22hwid%22%3A%223F5C7CD44D1F6AC769934CADA267B4DFBBA24AD1C24B2C4C2F5DDFA142A63C66%22%7D%2C%22product%22%3A%7B%22id%22%3A1%2C%22edition%22%3A1%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%2224.11.6137.mmm_ava_esg_000_361_m%22%2C%22build%22%3A6137%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%228174facc-1313-47a5-96bf-d43ded1f331e%22%7D%2C%22con [TRUNCATED]
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Accept: */*
                                                                                                                                                              User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
                                                                                                                                                              Host: analytics.ff.avast.com
2024-11-17 03:14:48 UTC | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Sun, 17 Nov 2024 03:14:48 GMT
                                                                                                                                                              Content-Type: application/json
                                                                                                                                                              Content-Length: 19
                                                                                                                                                              Via: 1.1 google
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Connection: close
2024-11-17 03:14:48 UTC | 19 | IN | Data Raw: 7b 22 70 72 6f 63 65 73 73 65 64 22 3a 20 74 72 75 65 7d
                                                                                                                                                              Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 50039 | 34.117.223.223 | 443 | 5448 | C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-17 03:15:45 UTC | 188 | OUT | POST /receive3 HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                              Content-Length: 560
                                                                                                                                                              Host: analytics.avcdn.net
2024-11-17 03:15:45 UTC | 560 | OUT | Data: gzip-compressed request body
2024-11-17 03:15:45 UTC | 255 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Sun, 17 Nov 2024 03:15:45 GMT
                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                              Content-Length: 24
                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                              Via: 1.1 google
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Connection: close
2024-11-17 03:15:45 UTC | 24 | IN | Data Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                              Target ID:0
                                                                                                                                                              Start time:22:13:51
                                                                                                                                                              Start date:16/11/2024
                                                                                                                                                              Path:C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe"
                                                                                                                                                              Imagebase:0xa20000
                                                                                                                                                              File size:263'520 bytes
                                                                                                                                                              MD5 hash:3DF8662A0A6E5D44DDA952B703CA3415
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:1
                                                                                                                                                              Start time:22:14:00
                                                                                                                                                              Start date:16/11/2024
                                                                                                                                                              Path:C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Windows\Temp\asw.e5da014393d7a8cd\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_esg_000_361_m /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd
                                                                                                                                                              Imagebase:0x7ff6e0380000
                                                                                                                                                              File size:11'083'976 bytes
                                                                                                                                                              MD5 hash:5602827611566F03E75534E544049184
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:4
                                                                                                                                                              Start time:22:14:07
                                                                                                                                                              Start date:16/11/2024
                                                                                                                                                              Path:C:\Windows\Temp\asw.35a621416d17dbaf\Instup.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Windows\Temp\asw.35a621416d17dbaf\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd
                                                                                                                                                              Imagebase:0x7ff717ad0000
                                                                                                                                                              File size:3'845'976 bytes
                                                                                                                                                              MD5 hash:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:7
                                                                                                                                                              Start time:22:14:33
                                                                                                                                                              Start date:16/11/2024
                                                                                                                                                              Path:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.35a621416d17dbaf /edition:1 /prod:ais /stub_context:60f2a4b1-d136-40ae-9431-f4e2ad98ca49:11083976 /guid:ad54635d-aa65-492b-8623-e9fd8fd3918b /ga_clientid:51b07815-7ab2-4cca-81ea-39f3770cce06 /cookie:mmm_ava_esg_000_361_m /edat_dir:C:\Windows\Temp\asw.e5da014393d7a8cd /online_installer
                                                                                                                                                              Imagebase:0x7ff6befc0000
                                                                                                                                                              File size:3'845'976 bytes
                                                                                                                                                              MD5 hash:3ABF9F028C72536CFAE2C019442F26AA
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:8
                                                                                                                                                              Start time:22:14:44
                                                                                                                                                              Start date:16/11/2024
                                                                                                                                                              Path:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" -checkGToolbar -elevated
                                                                                                                                                              Imagebase:0xa50000
                                                                                                                                                              File size:2'494'808 bytes
                                                                                                                                                              MD5 hash:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:9
                                                                                                                                                              Start time:22:14:44
                                                                                                                                                              Start date:16/11/2024
                                                                                                                                                              Path:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" /check_secure_browser
                                                                                                                                                              Imagebase:0xa50000
                                                                                                                                                              File size:2'494'808 bytes
                                                                                                                                                              MD5 hash:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:10
                                                                                                                                                              Start time:22:14:44
                                                                                                                                                              Start date:16/11/2024
                                                                                                                                                              Path:C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Windows\Temp\asw.35a621416d17dbaf\New_180b17f9\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
                                                                                                                                                              Imagebase:0xa50000
                                                                                                                                                              File size:2'494'808 bytes
                                                                                                                                                              MD5 hash:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:12
                                                                                                                                                              Start time:22:14:45
                                                                                                                                                              Start date:16/11/2024
                                                                                                                                                              Path:C:\Users\Public\Documents\aswOfferTool.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
                                                                                                                                                              Imagebase:0x3e0000
                                                                                                                                                              File size:2'494'808 bytes
                                                                                                                                                              MD5 hash:CF1F1ACB6AF4203FED502A06F4EB42B6
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                                Execution Graph

                                                                                                                                                                Execution Coverage:11%
                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                Signature Coverage:13.6%
                                                                                                                                                                Total number of Nodes:1986
                                                                                                                                                                Total number of Limit Nodes:26
17920->17918 17921->17922 17922->17873 17924 a3b9c1 17923->17924 17925 a3b969 17923->17925 17924->17875 17926 a3b979 17925->17926 17927 a38de9 _free 20 API calls 17925->17927 17928 a3b98b 17926->17928 17929 a38de9 _free 20 API calls 17926->17929 17927->17926 17930 a3b99d 17928->17930 17931 a38de9 _free 20 API calls 17928->17931 17929->17928 17932 a3b9af 17930->17932 17933 a38de9 _free 20 API calls 17930->17933 17931->17930 17932->17924 17934 a38de9 _free 20 API calls 17932->17934 17933->17932 17934->17924 17936 a3bd45 17935->17936 17937 a3bd27 17935->17937 17936->17885 17937->17936 17941 a3ba01 17937->17941 17940 a38de9 _free 20 API calls 17940->17936 17942 a3badf 17941->17942 17943 a3ba12 17941->17943 17942->17940 17977 a3b9c5 17943->17977 17946 a3b9c5 __fassign 20 API calls 17947 a3ba25 17946->17947 17948 a3b9c5 __fassign 20 API calls 17947->17948 17949 a3ba30 17948->17949 17950 a3b9c5 __fassign 20 API calls 17949->17950 17951 a3ba3b 17950->17951 17952 a3b9c5 __fassign 20 API calls 17951->17952 17953 a3ba49 17952->17953 17954 a38de9 _free 20 API calls 17953->17954 17955 a3ba54 17954->17955 17956 a38de9 _free 20 API calls 17955->17956 17957 a3ba5f 17956->17957 17958 a38de9 _free 20 API calls 17957->17958 17959 a3ba6a 17958->17959 17960 a3b9c5 __fassign 20 API calls 17959->17960 17961 a3ba78 17960->17961 17962 a3b9c5 __fassign 20 API calls 17961->17962 17963 a3ba86 17962->17963 17964 a3b9c5 __fassign 20 API calls 17963->17964 17965 a3ba97 17964->17965 17966 a3b9c5 __fassign 20 API calls 17965->17966 17967 a3baa5 17966->17967 17968 a3b9c5 __fassign 20 API calls 17967->17968 17969 a3bab3 17968->17969 17970 a38de9 _free 20 API calls 17969->17970 17971 a3babe 17970->17971 17972 a38de9 _free 20 API calls 17971->17972 17973 a3bac9 17972->17973 17974 a38de9 _free 20 API calls 17973->17974 17975 a3bad4 17974->17975 17976 a38de9 _free 20 API calls 17975->17976 17976->17942 17978 a3b9fc 17977->17978 17979 a3b9ec 17977->17979 17978->17946 17979->17978 17980 a38de9 _free 20 
API calls 17979->17980 17980->17979 17981->17866 19924 a3a303 19925 a3a296 _abort 19924->19925 19926 a3a2bf 19925->19926 19928 a37f33 _abort 7 API calls 19925->19928 19929 a3a2bd 19925->19929 19930 a3a2aa RtlAllocateHeap 19925->19930 19927 a3517e __mbsinc 20 API calls 19926->19927 19927->19929 19928->19925 19930->19925 18058 a30619 18059 a30623 18058->18059 18060 a27ae6 ___delayLoadHelper2@8 17 API calls 18059->18060 18060->18059 14603 a30762 14604 a3076e __FrameHandler3::FrameUnwindToState 14603->14604 14633 a30d67 14604->14633 14606 a30775 14607 a308c8 14606->14607 14610 a3079f 14606->14610 15075 a310ff IsProcessorFeaturePresent 14607->15075 14609 a308cf 14611 a308d5 14609->14611 15079 a37dc4 14609->15079 14619 a307de ___scrt_release_startup_lock 14610->14619 15049 a37ae9 14610->15049 15082 a37d76 14611->15082 14617 a307be 14623 a3083f 14619->14623 15057 a37d8c 14619->15057 14621 a30845 14648 a252f0 InterlockedExchange 14621->14648 14644 a31219 14623->14644 14628 a30865 14629 a3086e 14628->14629 15066 a37d67 14628->15066 15069 a30ef6 14629->15069 14634 a30d70 14633->14634 15085 a3153d IsProcessorFeaturePresent 14634->15085 14638 a30d81 14643 a30d85 14638->14643 15096 a384c7 14638->15096 14641 a30d9c 14641->14606 14643->14606 15366 a31ee0 14644->15366 14647 a3123f 14647->14621 15368 a233a0 14648->15368 14653 a254d6 GetCurrentProcess 15398 a27e70 OpenProcessToken 14653->15398 14654 a25577 15421 a28080 GetModuleHandleW GetProcAddress 14654->15421 14657 a25583 14659 a255c7 14657->14659 14660 a25587 InterlockedExchange InterlockedExchange 14657->14660 15435 a23b30 LoadStringW 14659->15435 14662 a255b5 14660->14662 14672 a25523 14660->14672 14666 a23b70 9 API calls 14662->14666 14665 a243e0 59 API calls 14669 a275c8 14665->14669 14666->14672 14673 a24440 61 API calls 14669->14673 14670 a2563b 15438 a2cf50 14670->15438 14671 a255e9 GetLastError 14671->14670 14675 a255f6 InterlockedExchange 14671->14675 14672->14665 14676 a275d4 14673->14676 14677 a23b30 6 API calls 
14675->14677 14678 a275e2 CloseHandle 14676->14678 14679 a275e9 14676->14679 14680 a25612 14677->14680 14678->14679 14681 a275f3 CloseHandle 14679->14681 14682 a275fa 14679->14682 15552 a211b0 FindWindowW 14680->15552 14681->14682 14687 a27604 CloseHandle 14682->14687 14688 a2760b 14682->14688 14687->14688 14695 a27fe0 30 API calls 14688->14695 14717 a27610 ___scrt_fastfail 14695->14717 14699 a23b30 6 API calls 14700 a2562d 14699->14700 14703 a211b0 2 API calls 14700->14703 14702 a2770d 14705 a27717 ReleaseMutex CloseHandle 14702->14705 14706 a27725 14702->14706 14709 a25633 14703->14709 14705->14706 15619 a24170 14706->15619 14709->14672 14716 a22d50 26 API calls 14721 a27754 14716->14721 14717->14702 14741 a27699 14717->14741 14725 a22d50 26 API calls 14721->14725 14729 a2775f 14725->14729 14733 a22d50 26 API calls 14729->14733 14737 a2776a 14733->14737 14740 a22d50 26 API calls 14737->14740 14744 a27775 14740->14744 15612 a24000 14741->15612 14749 a22d50 26 API calls 14744->14749 14753 a27780 14749->14753 14750 a276a0 _wcsrchr 14757 a24000 26 API calls 14750->14757 14756 a22d50 26 API calls 14753->14756 14760 a2778b 14756->14760 14761 a276b2 _wcsrchr 14757->14761 14763 a22d50 26 API calls 14760->14763 15616 a24800 14761->15616 14765 a27796 14763->14765 14766 a22d50 26 API calls 14765->14766 14771 a277a1 14766->14771 14776 a22d50 26 API calls 14771->14776 14781 a277ac 14776->14781 14785 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 14781->14785 14782 a24800 26 API calls 14787 a276dd 14782->14787 14790 a277c6 14785->14790 14792 a24000 26 API calls 14787->14792 15064 a3124f GetModuleHandleW 14790->15064 14797 a276e7 CreateHardLinkW 14792->14797 14797->14702 14801 a276f9 14797->14801 14807 a24000 26 API calls 14801->14807 14811 a27706 CopyFileW 14807->14811 14811->14702 15051 a37b00 15049->15051 15050 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15052 a307b8 15050->15052 15051->15050 15052->14617 15053 a37a8d 15052->15053 15056 a37abc 15053->15056 
15054 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15055 a37ae5 15054->15055 15055->14619 15056->15054 15058 a37db4 __onexit 15057->15058 15059 a3854a _abort 15057->15059 15058->14623 15060 a38aa5 _abort 38 API calls 15059->15060 15063 a3855b 15060->15063 15061 a38658 _abort 38 API calls 15062 a38585 15061->15062 15063->15061 15065 a30861 15064->15065 15065->14609 15065->14628 16862 a37b41 15066->16862 15070 a30f02 15069->15070 15074 a30876 15070->15074 16940 a384d9 15070->16940 15073 a32da4 ___vcrt_uninitialize 8 API calls 15073->15074 15074->14617 15076 a31114 ___scrt_fastfail 15075->15076 15077 a311bf IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15076->15077 15078 a3120a ___scrt_fastfail 15077->15078 15078->14609 15080 a37b41 _abort 28 API calls 15079->15080 15081 a37dd5 15080->15081 15081->14611 15083 a37b41 _abort 28 API calls 15082->15083 15084 a308dd 15083->15084 15086 a30d7c 15085->15086 15087 a32d7b 15086->15087 15088 a32d80 ___vcrt_initialize_winapi_thunks 15087->15088 15107 a33e2c 15088->15107 15092 a32d96 15093 a32da1 15092->15093 15121 a33e68 15092->15121 15093->14638 15095 a32d8e 15095->14638 15162 a3beea 15096->15162 15099 a32da4 15100 a32dbe 15099->15100 15101 a32dad 15099->15101 15100->14643 15102 a330bf ___vcrt_uninitialize_ptd 6 API calls 15101->15102 15103 a32db2 15102->15103 15104 a33e68 ___vcrt_uninitialize_locks DeleteCriticalSection 15103->15104 15105 a32db7 15104->15105 15362 a34129 15105->15362 15108 a33e35 15107->15108 15110 a33e5e 15108->15110 15111 a32d8a 15108->15111 15125 a340b9 15108->15125 15112 a33e68 ___vcrt_uninitialize_locks DeleteCriticalSection 15110->15112 15111->15095 15113 a3308c 15111->15113 15112->15111 15143 a33fca 15113->15143 15116 a330a1 15116->15092 15119 a330bc 15119->15092 15122 a33e92 15121->15122 15123 a33e73 15121->15123 15122->15095 15124 a33e7d DeleteCriticalSection 15123->15124 15124->15122 15124->15124 15130 a33f5b 15125->15130 15127 a340d3 15128 a340f1 
InitializeCriticalSectionAndSpinCount 15127->15128 15129 a340dc 15127->15129 15128->15129 15129->15108 15131 a33f83 15130->15131 15135 a33f7f __crt_fast_encode_pointer 15130->15135 15131->15135 15136 a33e97 15131->15136 15134 a33f9d GetProcAddress 15134->15135 15135->15127 15137 a33ea6 15136->15137 15138 a33ec3 LoadLibraryExW 15137->15138 15140 a33f39 FreeLibrary 15137->15140 15141 a33f50 15137->15141 15142 a33f11 LoadLibraryExW 15137->15142 15138->15137 15139 a33ede GetLastError 15138->15139 15139->15137 15140->15137 15141->15134 15141->15135 15142->15137 15144 a33f5b try_get_function 5 API calls 15143->15144 15145 a33fe4 15144->15145 15146 a33ffd TlsAlloc 15145->15146 15147 a33096 15145->15147 15147->15116 15148 a3407b 15147->15148 15149 a33f5b try_get_function 5 API calls 15148->15149 15150 a34095 15149->15150 15151 a340b0 TlsSetValue 15150->15151 15152 a330af 15150->15152 15151->15152 15152->15119 15153 a330bf 15152->15153 15154 a330cf 15153->15154 15155 a330c9 15153->15155 15154->15116 15157 a34005 15155->15157 15158 a33f5b try_get_function 5 API calls 15157->15158 15159 a3401f 15158->15159 15160 a34037 TlsFree 15159->15160 15161 a3402b 15159->15161 15160->15161 15161->15154 15164 a3bf03 15162->15164 15166 a3bf07 15162->15166 15180 a30bbe 15164->15180 15165 a30d8e 15165->14641 15165->15099 15166->15164 15168 a39f80 15166->15168 15169 a39f8c __FrameHandler3::FrameUnwindToState 15168->15169 15187 a3b0d1 EnterCriticalSection 15169->15187 15171 a39f93 15188 a3b685 15171->15188 15173 a39fa2 15174 a39fb1 15173->15174 15201 a39e09 GetStartupInfoW 15173->15201 15212 a39fcd 15174->15212 15177 a39fc2 _abort 15177->15166 15181 a30bc7 15180->15181 15182 a30bc9 IsProcessorFeaturePresent 15180->15182 15181->15165 15184 a313e7 15182->15184 15361 a313ab SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 15184->15361 15186 a314ca 15186->15165 15187->15171 15189 a3b691 __FrameHandler3::FrameUnwindToState 15188->15189 15190 a3b6b5 
15189->15190 15191 a3b69e 15189->15191 15215 a3b0d1 EnterCriticalSection 15190->15215 15223 a3517e 15191->15223 15195 a3b6c1 15200 a3b6ed 15195->15200 15216 a3b5d6 15195->15216 15197 a3b6ad _abort 15197->15173 15229 a3b714 15200->15229 15202 a39e26 15201->15202 15204 a39eb8 15201->15204 15203 a3b685 27 API calls 15202->15203 15202->15204 15205 a39e4f 15203->15205 15207 a39ebf 15204->15207 15205->15204 15206 a39e7d GetFileType 15205->15206 15206->15205 15209 a39ec6 15207->15209 15208 a39f09 GetStdHandle 15208->15209 15209->15208 15210 a39f71 15209->15210 15211 a39f1c GetFileType 15209->15211 15210->15174 15211->15209 15360 a3b121 LeaveCriticalSection 15212->15360 15214 a39fd4 15214->15177 15215->15195 15232 a3a272 15216->15232 15218 a3b5e8 15222 a3b5f5 15218->15222 15239 a3b3aa 15218->15239 15220 a3b647 15220->15195 15246 a38de9 15222->15246 15280 a38b29 GetLastError 15223->15280 15226 a34640 15338 a345c5 15226->15338 15228 a3464c 15228->15197 15359 a3b121 LeaveCriticalSection 15229->15359 15231 a3b71b 15231->15197 15237 a3a27f _abort 15232->15237 15233 a3a2bf 15235 a3517e __mbsinc 19 API calls 15233->15235 15234 a3a2aa RtlAllocateHeap 15234->15237 15236 a3a2bd 15235->15236 15236->15218 15237->15233 15237->15234 15237->15236 15252 a37f33 15237->15252 15267 a3b138 15239->15267 15241 a3b3d1 15242 a3b3ef InitializeCriticalSectionAndSpinCount 15241->15242 15243 a3b3da 15241->15243 15242->15243 15244 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15243->15244 15245 a3b406 15244->15245 15245->15218 15247 a38df4 HeapFree 15246->15247 15251 a38e1d __dosmaperr 15246->15251 15248 a38e09 15247->15248 15247->15251 15249 a3517e __mbsinc 18 API calls 15248->15249 15250 a38e0f GetLastError 15249->15250 15250->15251 15251->15220 15257 a37f77 15252->15257 15254 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15255 a37f73 15254->15255 15255->15237 15256 a37f49 15256->15254 15258 a37f83 __FrameHandler3::FrameUnwindToState 15257->15258 15263 a3b0d1 EnterCriticalSection 
15258->15263 15260 a37f8e 15264 a37fc0 15260->15264 15262 a37fb5 _abort 15262->15256 15263->15260 15265 a3b121 _abort LeaveCriticalSection 15264->15265 15266 a37fc7 15265->15266 15266->15262 15270 a3b164 15267->15270 15272 a3b168 __crt_fast_encode_pointer 15267->15272 15268 a3b188 15271 a3b194 GetProcAddress 15268->15271 15268->15272 15270->15268 15270->15272 15273 a3b1d4 15270->15273 15271->15272 15272->15241 15274 a3b1f5 LoadLibraryExW 15273->15274 15279 a3b1ea 15273->15279 15275 a3b212 GetLastError 15274->15275 15276 a3b22a 15274->15276 15275->15276 15277 a3b21d LoadLibraryExW 15275->15277 15278 a3b241 FreeLibrary 15276->15278 15276->15279 15277->15276 15278->15279 15279->15270 15281 a38b42 15280->15281 15282 a38b48 15280->15282 15299 a3b2fb 15281->15299 15284 a3a272 _abort 17 API calls 15282->15284 15286 a38b9f SetLastError 15282->15286 15285 a38b5a 15284->15285 15291 a38b62 15285->15291 15306 a3b351 15285->15306 15287 a35183 15286->15287 15287->15226 15289 a38de9 _free 17 API calls 15293 a38b68 15289->15293 15291->15289 15292 a38b7e 15313 a3890c 15292->15313 15295 a38b96 SetLastError 15293->15295 15295->15287 15297 a38de9 _free 17 API calls 15298 a38b8f 15297->15298 15298->15286 15298->15295 15300 a3b138 _abort 5 API calls 15299->15300 15301 a3b322 15300->15301 15302 a3b33a TlsGetValue 15301->15302 15305 a3b32e 15301->15305 15302->15305 15303 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15304 a3b34b 15303->15304 15304->15282 15305->15303 15307 a3b138 _abort 5 API calls 15306->15307 15308 a3b378 15307->15308 15309 a3b393 TlsSetValue 15308->15309 15310 a3b387 15308->15310 15309->15310 15311 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15310->15311 15312 a38b77 15311->15312 15312->15291 15312->15292 15318 a388e4 15313->15318 15324 a38824 15318->15324 15320 a38908 15321 a38894 15320->15321 15330 a38728 15321->15330 15323 a388b8 15323->15297 15325 a38830 __FrameHandler3::FrameUnwindToState 15324->15325 15326 a3b0d1 _abort EnterCriticalSection 
15325->15326 15327 a3883a 15326->15327 15328 a38860 _abort LeaveCriticalSection 15327->15328 15329 a38858 _abort 15328->15329 15329->15320 15331 a38734 __FrameHandler3::FrameUnwindToState 15330->15331 15332 a3b0d1 _abort EnterCriticalSection 15331->15332 15333 a3873e 15332->15333 15334 a38a5a _abort 20 API calls 15333->15334 15335 a38756 15334->15335 15336 a3876c _abort LeaveCriticalSection 15335->15336 15337 a38764 _abort 15336->15337 15337->15323 15339 a38b29 _abort 20 API calls 15338->15339 15340 a345db 15339->15340 15341 a3463a 15340->15341 15344 a345e9 15340->15344 15349 a3466d IsProcessorFeaturePresent 15341->15349 15343 a3463f 15345 a345c5 __mbsinc 26 API calls 15343->15345 15346 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15344->15346 15347 a3464c 15345->15347 15348 a34610 15346->15348 15347->15228 15348->15228 15350 a34678 15349->15350 15353 a34476 15350->15353 15354 a34492 ___scrt_fastfail 15353->15354 15355 a344be IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15354->15355 15356 a3458f ___scrt_fastfail 15355->15356 15357 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15356->15357 15358 a345ad GetCurrentProcess TerminateProcess 15357->15358 15358->15343 15359->15231 15360->15214 15361->15186 15363 a34132 15362->15363 15365 a34158 15362->15365 15364 a34142 FreeLibrary 15363->15364 15363->15365 15364->15363 15365->15100 15367 a3122c GetStartupInfoW 15366->15367 15367->14647 15370 a233e0 ___scrt_fastfail 15368->15370 15369 a23653 15371 a23669 15369->15371 15372 a2389f 15369->15372 15378 a2368b 15369->15378 15370->15369 15370->15372 15628 a22bb0 15370->15628 15374 a22bb0 45 API calls 15371->15374 15371->15378 15640 a23c10 15372->15640 15374->15378 15375 a238a4 15377 a23c10 45 API calls 15375->15377 15376 a237aa 15380 a238ae 15376->15380 15388 a2382a 15376->15388 15382 a238a9 15377->15382 15378->15375 15378->15376 15387 a237db 15378->15387 15385 a34650 26 API calls 15380->15385 15381 a30bbe 
__ehhandler$___std_fs_get_file_id@8 5 API calls 15383 a2389b 15381->15383 15384 a34650 26 API calls 15382->15384 15389 a27fe0 GetVersionExW 15383->15389 15384->15380 15386 a238b3 15385->15386 15387->15382 15387->15388 15388->15381 15390 a28049 GetLastError 15389->15390 15391 a2800e 15389->15391 15710 a27da0 15390->15710 15392 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15391->15392 15394 a254cb 15392->15394 15394->14653 15394->14654 15396 a3203a __CxxThrowException@8 RaiseException 15397 a28071 15396->15397 15399 a27f73 GetLastError 15398->15399 15400 a27eba GetTokenInformation 15398->15400 15402 a27da0 27 API calls 15399->15402 15715 a30ce3 15400->15715 15404 a27f87 15402->15404 15405 a3203a __CxxThrowException@8 RaiseException 15404->15405 15406 a27f95 GetLastError 15405->15406 15408 a27da0 27 API calls 15406->15408 15411 a27fa9 15408->15411 15410 a27fb7 GetLastError 15412 a27da0 27 API calls 15410->15412 15414 a3203a __CxxThrowException@8 RaiseException 15411->15414 15415 a27fcb 15412->15415 15414->15410 15417 a3203a __CxxThrowException@8 RaiseException 15415->15417 15419 a27fd9 15417->15419 15422 a280ae 15421->15422 15423 a280bf GetCurrentProcess 15421->15423 15424 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15422->15424 15426 a280e0 15423->15426 15425 a280bb 15424->15425 15425->14657 15427 a28101 GetLastError 15426->15427 15428 a280e6 15426->15428 15430 a27da0 27 API calls 15427->15430 15429 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15428->15429 15431 a280fd 15429->15431 15432 a28115 15430->15432 15431->14657 15433 a3203a __CxxThrowException@8 RaiseException 15432->15433 15434 a28123 15433->15434 15436 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15435->15436 15437 a23b68 CreateMutexW 15436->15437 15437->14670 15437->14671 15716 a2b0e0 15438->15716 15553 a211c2 SetForegroundWindow 15552->15553 15554 a211cd 15552->15554 15553->15554 15554->14672 15554->14699 15613 a24013 15612->15613 15614 a24009 15612->15614 
15613->14750 16817 a34f49 15614->16817 15617 a35090 26 API calls 15616->15617 15618 a24813 15617->15618 15618->14782 15620 a241a6 15619->15620 15621 a24188 15619->15621 15620->14716 15621->15620 15622 a24199 Sleep 15621->15622 15622->15620 15622->15621 15629 a22d47 15628->15629 15630 a22be0 15628->15630 15655 a23c00 15629->15655 15633 a22c1a 15630->15633 15634 a22c4e 15630->15634 15645 a30bcf 15633->15645 15636 a30bcf 22 API calls 15634->15636 15638 a22c38 15634->15638 15636->15638 15637 a34650 26 API calls 15637->15629 15638->15637 15639 a22d15 15638->15639 15639->15370 15700 a305bd 15640->15700 15647 a30bd4 15645->15647 15648 a30bee 15647->15648 15649 a37f33 _abort 7 API calls 15647->15649 15651 a30bf0 15647->15651 15662 a35196 15647->15662 15648->15638 15649->15647 15650 a3151f 15652 a3203a __CxxThrowException@8 RaiseException 15650->15652 15651->15650 15671 a3203a 15651->15671 15654 a3153c 15652->15654 15674 a3059d 15655->15674 15664 a38e23 15662->15664 15663 a38e61 15666 a3517e __mbsinc 20 API calls 15663->15666 15664->15663 15665 a38e4c HeapAlloc 15664->15665 15669 a38e35 _abort 15664->15669 15667 a38e5f 15665->15667 15665->15669 15668 a38e66 15666->15668 15667->15668 15668->15647 15669->15663 15669->15665 15670 a37f33 _abort 7 API calls 15669->15670 15670->15669 15672 a3205a RaiseException 15671->15672 15672->15650 15679 a304eb 15674->15679 15677 a3203a __CxxThrowException@8 RaiseException 15678 a305bc 15677->15678 15682 a30493 15679->15682 15685 a32a76 15682->15685 15684 a304bf 15684->15677 15686 a32a83 15685->15686 15687 a32ab0 15685->15687 15686->15687 15688 a35196 ___std_exception_copy 21 API calls 15686->15688 15687->15684 15689 a32aa0 15688->15689 15689->15687 15691 a385fe 15689->15691 15692 a3860b 15691->15692 15693 a38619 15691->15693 15692->15693 15698 a38630 15692->15698 15694 a3517e __mbsinc 20 API calls 15693->15694 15695 a38621 15694->15695 15696 a34640 __mbsinc 26 API calls 15695->15696 15697 a3862b 15696->15697 15697->15687 15698->15697 15699 
a3517e __mbsinc 20 API calls 15698->15699 15699->15695 15707 a3054b 15700->15707 15703 a3203a __CxxThrowException@8 RaiseException 15704 a305dc 15703->15704 15705 a27ae6 ___delayLoadHelper2@8 17 API calls 15704->15705 15706 a305f4 15705->15706 15708 a30493 std::exception::exception 27 API calls 15707->15708 15709 a3055d 15708->15709 15709->15703 15711 a32a76 ___std_exception_copy 27 API calls 15710->15711 15712 a27ddd 15711->15712 15713 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15712->15713 15714 a27df9 15713->15714 15714->15396 15801 a2b780 15716->15801 15719 a2b741 16026 a29da0 15719->16026 15720 a2b12c 15726 a2b780 39 API calls 15720->15726 15722 a2b74b 15723 a29da0 RaiseException 15722->15723 15724 a2b755 15723->15724 15725 a29da0 RaiseException 15724->15725 15727 a2b75f 15725->15727 15728 a2b152 15726->15728 15729 a29da0 RaiseException 15727->15729 15728->15722 15730 a2b15c 15728->15730 15731 a2b769 15729->15731 15735 a2b780 39 API calls 15730->15735 15732 a29da0 RaiseException 15731->15732 15733 a2b773 15732->15733 15734 a34650 26 API calls 15733->15734 15736 a2b778 15734->15736 15737 a2b182 15735->15737 15738 a34650 26 API calls 15736->15738 15737->15724 15739 a2b18c 15737->15739 15740 a2b77d 15738->15740 15741 a2b780 39 API calls 15739->15741 15742 a2b1b2 15741->15742 15742->15727 15743 a2b1bc 15742->15743 15816 a29530 15743->15816 15745 a2b1f2 15746 a2b780 39 API calls 15745->15746 15747 a2b20a 15746->15747 15747->15731 15748 a2b214 15747->15748 15887 a28dc0 15748->15887 15750 a2b24f 15905 a29450 CryptCreateHash 15750->15905 15753 a28dc0 35 API calls 15754 a2b287 15753->15754 15755 a29450 31 API calls 15754->15755 15756 a2b2a5 15755->15756 15916 a2c500 15756->15916 15802 a2b7b1 15801->15802 15814 a2b79d 15801->15814 16030 a30aca EnterCriticalSection 15802->16030 15804 a30aca 5 API calls 15806 a2b81b 15804->15806 15805 a2b7bb 15807 a2b7c7 GetProcessHeap 15805->15807 15805->15814 15809 a30f59 29 API calls 15806->15809 15815 a2b122 15806->15815 
16035 a30f59 15807->16035 15811 a2b874 15809->15811 15813 a30a80 4 API calls 15811->15813 15813->15815 15814->15804 15814->15815 15815->15719 15815->15720 15817 a2b780 39 API calls 15816->15817 15818 a29566 15817->15818 15819 a29571 15818->15819 15820 a2981a 15818->15820 15825 a2b780 39 API calls 15819->15825 15821 a29da0 RaiseException 15820->15821 15822 a29824 15821->15822 15823 a29da0 RaiseException 15822->15823 15824 a2982e 15823->15824 15826 a29da0 RaiseException 15824->15826 15827 a29595 15825->15827 15828 a29838 15826->15828 15827->15822 15829 a295a0 15827->15829 15830 a29da0 RaiseException 15828->15830 15835 a2b780 39 API calls 15829->15835 15831 a29842 15830->15831 15832 a29da0 RaiseException 15831->15832 15833 a2984c 15832->15833 15834 a29da0 RaiseException 15833->15834 15836 a29856 15834->15836 15837 a295c4 15835->15837 15838 a29da0 RaiseException 15836->15838 15837->15824 15839 a295cf 15837->15839 15840 a29860 15838->15840 15845 a2b780 39 API calls 15839->15845 15841 a29da0 RaiseException 15840->15841 15842 a2986a 15841->15842 15843 a29da0 RaiseException 15842->15843 15844 a29874 15843->15844 15846 a29da0 RaiseException 15844->15846 15847 a295f3 15845->15847 15848 a2987e 15846->15848 15847->15828 15849 a295fe 15847->15849 15850 a29da0 RaiseException 15848->15850 15855 a2b780 39 API calls 15849->15855 15851 a29888 15850->15851 15852 a29da0 RaiseException 15851->15852 15853 a29892 15852->15853 15854 a29da0 RaiseException 15853->15854 15856 a297c9 15854->15856 15857 a29622 15855->15857 15858 a29da0 RaiseException 15856->15858 15886 a297d4 15856->15886 15857->15831 15859 a2962d 15857->15859 15860 a298a6 15858->15860 15861 a2b780 39 API calls 15859->15861 15860->15745 15862 a29651 15861->15862 15862->15833 15863 a2965c 15862->15863 15864 a2b780 39 API calls 15863->15864 15865 a29680 15864->15865 15865->15836 15866 a2968b 15865->15866 15867 a2b780 39 API calls 15866->15867 15868 a296af 15867->15868 15868->15840 15869 a296ba 15868->15869 15870 a2b780 39 API 
calls 15869->15870 15871 a296de 15870->15871 15871->15842 15872 a296e9 15871->15872 15873 a2b780 39 API calls 15872->15873 15874 a2970d 15873->15874 15874->15844 15875 a29718 15874->15875 15876 a2b780 39 API calls 15875->15876 15877 a2973c 15876->15877 15877->15848 15878 a29747 15877->15878 15879 a2b780 39 API calls 15878->15879 15880 a2976b 15879->15880 15880->15851 15881 a29776 15880->15881 15882 a2b780 39 API calls 15881->15882 15883 a2979a 15882->15883 15883->15853 15884 a297a5 15883->15884 15885 a2b780 39 API calls 15884->15885 15885->15856 15886->15745 15888 a28e3e ___scrt_fastfail 15887->15888 15889 a27fe0 30 API calls 15888->15889 15890 a28e46 15889->15890 15891 a28e5c CryptAcquireContextA 15890->15891 15892 a28e4d lstrcatA 15890->15892 15893 a28ea7 GetLastError 15891->15893 15894 a28e77 15891->15894 15892->15891 15895 a27da0 27 API calls 15893->15895 15896 a28e82 CryptReleaseContext 15894->15896 15897 a28e8b 15894->15897 15898 a28ebe 15895->15898 15896->15897 15899 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15897->15899 15900 a3203a __CxxThrowException@8 RaiseException 15898->15900 15901 a28ea3 15899->15901 15902 a28ecf 15900->15902 15901->15750 15903 a28ed6 CryptReleaseContext 15902->15903 15904 a28edf 15902->15904 15903->15904 15904->15750 15906 a2947a 15905->15906 15907 a2949f GetLastError 15905->15907 15909 a29488 CryptDestroyHash 15906->15909 15910 a2948f 15906->15910 15908 a27da0 27 API calls 15907->15908 15912 a294b3 15908->15912 15909->15910 15911 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15910->15911 15913 a29499 15911->15913 15914 a3203a __CxxThrowException@8 RaiseException 15912->15914 15913->15753 15915 a294c1 15914->15915 15917 a2b780 39 API calls 15916->15917 15918 a2c53d 15917->15918 15919 a2c547 15918->15919 15920 a2c88c 15918->15920 15926 a2b780 39 API calls 15919->15926 15921 a29da0 RaiseException 15920->15921 15922 a2c896 15921->15922 15923 a29da0 RaiseException 15922->15923 15924 a2c8a0 15923->15924 15925 a29da0 
RaiseException 15924->15925 15927 a2c8aa 15925->15927 15928 a2c56a 15926->15928 15929 a29da0 RaiseException 15927->15929 15928->15922 15930 a2c574 15928->15930 15931 a2c8b4 15929->15931 15932 a2b780 39 API calls 15930->15932 15933 a2c594 15932->15933 15933->15924 15935 a2c59e 15933->15935 15934 a2c5f7 GetSystemDirectoryW 15937 a2c607 GetLastError 15934->15937 15939 a2c614 15934->15939 15935->15934 16082 a2c920 15935->16082 15937->15939 15939->15927 15940 a2c677 GetVolumePathNameW 15939->15940 15941 a2c920 RaiseException 15939->15941 15944 a2c7fd 15939->15944 15942 a2c688 GetLastError 15940->15942 15948 a2c693 15940->15948 15943 a2c671 15941->15943 15942->15948 15943->15940 15945 a30bbe __ehhandler$___std_fs_get_file_id@8 5 API calls 15944->15945 15946 a2b3f1 15945->15946 15962 a2a100 15946->15962 15947 a2c6e5 GetVolumeNameForVolumeMountPointW 15950 a2c6f6 GetLastError 15947->15950 15958 a2c701 15947->15958 15948->15927 15948->15944 15948->15947 15949 a2c920 RaiseException 15948->15949 15951 a2c6e2 15949->15951 15950->15958 15951->15947 15952 a2c79e CreateFileW 15953 a2c7c3 DeviceIoControl 15952->15953 15954 a2c7b8 GetLastError 15952->15954 15955 a2c7e3 GetLastError 15953->15955 15956 a2c7ee 15953->15956 15954->15944 15957 a2c7f6 CloseHandle 15955->15957 15956->15957 15957->15944 15958->15927 15958->15944 15958->15952 15959 a2c789 15958->15959 15961 a2c920 RaiseException 15958->15961 15959->15927 15960 a2c795 15959->15960 15960->15952 15961->15959 15963 a2b780 39 API calls 15962->15963 15964 a2a144 15963->15964 15965 a2a4b7 15964->15965 15966 a2a14e GetVersion 15964->15966 15967 a29da0 RaiseException 15965->15967 16101 a29ff0 15966->16101 15968 a2a4c1 15967->15968 15969 a29da0 RaiseException 15968->15969 15971 a2a4cb 15969->15971 15973 a29da0 RaiseException 15971->15973 15975 a2a4d5 15973->15975 15974 a2a19a CreateFileW 15976 a2a1c7 15974->15976 15977 a2a1b9 GetLastError 15974->15977 15978 a2cc40 RaiseException 15975->15978 15979 a35196 ___std_exception_copy 21 API 
APIs
• InterlockedExchange.KERNEL32(?,00000103), ref: 00A2548F
  • Part of subcall function 00A27FE0: GetVersionExW.KERNEL32(?), ref: 00A28004
• GetCurrentProcess.KERNEL32 ref: 00A254D6
  • Part of subcall function 00A27E70: OpenProcessToken.ADVAPI32(00A254E2,00000008,?,6CF146CE,?,00000000), ref: 00A27EAC
  • Part of subcall function 00A27E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00A420C0), ref: 00A27ED9
  • Part of subcall function 00A27E70: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00A27F15
  • Part of subcall function 00A27E70: IsValidSid.ADVAPI32 ref: 00A27F22
  • Part of subcall function 00A27E70: GetSidSubAuthorityCount.ADVAPI32 ref: 00A27F31
  • Part of subcall function 00A27E70: GetSidSubAuthority.ADVAPI32(?,?), ref: 00A27F3D
  • Part of subcall function 00A27E70: CloseHandle.KERNELBASE(00000000), ref: 00A27F4F
• InterlockedExchange.KERNEL32(?,0000052F), ref: 00A254FC
• InterlockedExchange.KERNEL32(?,00000000), ref: 00A2550A
• InterlockedExchange.KERNEL32(?,000000C1), ref: 00A25593
• InterlockedExchange.KERNEL32(?,00000000), ref: 00A255A2
• CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 00A255D9
• GetLastError.KERNEL32 ref: 00A255E9
• InterlockedExchange.KERNEL32(?,00000420), ref: 00A25602
• CloseHandle.KERNEL32(?), ref: 00A275E3
• CloseHandle.KERNEL32(?), ref: 00A275F4
• CloseHandle.KERNEL32(?), ref: 00A27605
• _wcsrchr.LIBVCRUNTIME ref: 00A276A1
• _wcsrchr.LIBVCRUNTIME ref: 00A276B3
• CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 00A276EF
• CopyFileW.KERNEL32(00000000,?,00000000), ref: 00A27707
• ReleaseMutex.KERNEL32(?), ref: 00A27718
• CloseHandle.KERNEL32(?), ref: 00A2771F
• ___delayLoadHelper2@8.DELAYIMP ref: 00A27817
  • Part of subcall function 00A23B70: #17.COMCTL32 ref: 00A23B84
  • Part of subcall function 00A23B70: LoadStringW.USER32(00A20000,000003E9,?,00000000), ref: 00A23BA1
  • Part of subcall function 00A23B70: LoadStringW.USER32(00A20000,?,?,00000000), ref: 00A23BBA
  • Part of subcall function 00A23B70: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00A23BCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
Similarity
• API ID: ExchangeInterlocked$CloseHandle$LoadToken$AuthorityCreateInformationMutexProcessString_wcsrchr$CopyCountCurrentErrorFileHardHelper2@8LastLinkMessageOpenReleaseValidVersion___delay
• String ID: $ /cookie:$ /edat_dir:$ /ga_clientid:$ /sub_edition:$%s\%s$/cookie$/cust_ini$/ppi_icd$/silent$/smbupd$AuthorizationType$Avast One$D$Enabled$Password$Port$Properties$ProxySettings$ProxyType$User$User-Agent: avast! Antivirus (instup)$allow_fallback$avcfg://settings/Common/VersionSwitch$count$enable$http://$https://$installer.exe$mirror$server0$servers$stable$urlpgm${versionSwitch}
• API String ID: 1722064709-657827273
• Opcode ID: 737264c12ab6f51c91cb76e59c6a034e0f1840ebe9a1b6397a46202cd4575fb3
• Instruction ID: 1ed3d6ba201cd26978f0be91c27194509203ae308fc60b2eb139e6c0e615a7fd
• Opcode Fuzzy Hash: 737264c12ab6f51c91cb76e59c6a034e0f1840ebe9a1b6397a46202cd4575fb3
• Instruction Fuzzy Hash: 4A237D76E012289BEF24DB68DD45BEDB7B8BF45304F1042E9E509A3182DB70AB85CF51

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • KillTimer.USER32(?,00000001), ref: 00A22233
                                                                                                                                                                • InterlockedExchange.KERNEL32(050FF2B4,00000000), ref: 00A22244
                                                                                                                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 00A22250
                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00A2226E
                                                                                                                                                                • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 00A222B5
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00A222BC
                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 00A222D8
                                                                                                                                                                • SetTimer.USER32(?,00000001,00000019,?), ref: 00A2230B
                                                                                                                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 00A22317
                                                                                                                                                                • DefWindowProcW.USER32(?,00000010,?,?), ref: 00A22401
                                                                                                                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 00A2242E
                                                                                                                                                                  • Part of subcall function 00A21FC0: CreateSolidBrush.GDI32(00824049), ref: 00A22021
                                                                                                                                                                  • Part of subcall function 00A21FC0: CreateSolidBrush.GDI32(00F67000), ref: 00A22064
                                                                                                                                                                  • Part of subcall function 00A21FC0: BeginPaint.USER32(?,?), ref: 00A22074
                                                                                                                                                                  • Part of subcall function 00A21FC0: FillRect.USER32(?,?), ref: 00A220E3
                                                                                                                                                                  • Part of subcall function 00A21FC0: FillRect.USER32(?,?), ref: 00A2210D
                                                                                                                                                                  • Part of subcall function 00A21FC0: EndPaint.USER32(?,?), ref: 00A22118
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProcWindow$Rect$BrushCreateFillPaintSolidTimer$AddressBeginExchangeHandleInterlockedKillModuleVersion
                                                                                                                                                                • String ID: DwmSetWindowAttribute$ShutdownBlockReasonCreate$dwmapi.dll$user32.dll
                                                                                                                                                                • API String ID: 190927372-2496381605
                                                                                                                                                                • Opcode ID: 733c8452518ba1484a1971f140d1b24363a73de946bb796f5f98645319f059ce
                                                                                                                                                                • Instruction ID: 16d77327c8b66e54c27ec2f93a1ce697da6a0131e78950f5576719128ebdcb61
                                                                                                                                                                • Opcode Fuzzy Hash: 733c8452518ba1484a1971f140d1b24363a73de946bb796f5f98645319f059ce
                                                                                                                                                                • Instruction Fuzzy Hash: 0571A63A600218BBDF20DFA8EC89FFEB778FB9A711F000469F505962A1C7764951DB61

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                [control_flow_graph: function at a227b0, nodes 698-782; API calls labelled on the graph: GetLastError, SetLastError, GetFileSizeEx, wsprintfW, SetFilePointerEx, SetEndOfFile, GetProcessHeap, RtlAllocateHeap, InterlockedExchange, WriteFile, InterlockedExchangeAdd, RtlFreeHeap]
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$FileSizewsprintf
                                                                                                                                                                • String ID: %hs%d-$Range: bytes=
                                                                                                                                                                • API String ID: 297799064-2301081422
                                                                                                                                                                • Opcode ID: ea375c9c80ac15b999bf7faca02a07f890d028e41324b67e74910c09c0d9a487
                                                                                                                                                                • Instruction ID: 03a12f4246e1cb846d02ca01bec7ceb4eaf75eb79395e46a2e992bda26e018ba
                                                                                                                                                                • Opcode Fuzzy Hash: ea375c9c80ac15b999bf7faca02a07f890d028e41324b67e74910c09c0d9a487
                                                                                                                                                                • Instruction Fuzzy Hash: 98C14C75A00315BBEF20CFA9EC48FAEBBB9BF44701F144528E906DA190D771D946CB20

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 783 a2bb70-a2bbdd GetVersion 784 a2bbe8-a2bbf0 783->784 785 a2bbdf-a2bbe6 783->785 787 a2bbf6-a2bc11 GetModuleHandleW GetProcAddress 784->787 788 a2bcf5-a2bd2c GetModuleHandleW GetProcAddress 784->788 786 a2bc58-a2bc92 call a35191 * 3 call a30bbe 785->786 787->786 789 a2bc13-a2bc2c GetSystemFirmwareTable 787->789 791 a2bd32-a2bd71 788->791 792 a2bf1a 788->792 799 a2bc55 789->799 800 a2bc2e-a2bc4c call a35196 789->800 791->792 811 a2bd77-a2bd95 MapViewOfFile 791->811 794 a2bf1c 792->794 797 a2bf21-a2bf2d 794->797 802 a2bf39-a2bf3b 797->802 803 a2bf2f-a2bf36 CloseHandle 797->803 799->786 818 a2bc93-a2bcbd call a31ee0 GetSystemFirmwareTable 800->818 819 a2bc4e 800->819 804 a2bf41-a2bf59 call a2cb00 802->804 805 a2c45d-a2c45f 802->805 803->802 821 a2bf87-a2bf9f call a2cb00 804->821 822 a2bf5b-a2bf75 call a2c490 804->822 805->786 812 a2c465-a2c46c UnmapViewOfFile 805->812 816 a2bf16-a2bf18 811->816 817 a2bd9b-a2bd9f 811->817 812->786 816->794 823 a2bda0-a2bda6 817->823 818->799 844 a2bcbf-a2bccd 818->844 819->799 838 a2bfa1-a2bfc2 call a2c490 * 2 821->838 839 a2bfc5-a2bfdd call a2cb00 821->839 834 a2bf77 822->834 835 a2bf7f-a2bf83 822->835 826 a2bdb5-a2bdbe 823->826 827 a2bda8-a2bdb3 823->827 831 a2bf12-a2bf14 826->831 832 a2bdc4-a2bdc9 826->832 827->823 827->826 831->794 832->831 836 a2bdcf-a2bdd1 832->836 834->821 841 a2bf79-a2bf7d 834->841 835->821 842 a2bdd3-a2bdd5 836->842 843 a2bddb-a2bde7 836->843 838->839 851 a2c003-a2c01b call a2cb00 839->851 852 a2bfdf-a2c000 call a2c490 * 2 839->852 841->821 841->835 842->831 842->843 843->831 849 a2bded-a2bdf4 843->849 847 a2bccf-a2bcd7 844->847 848 a2bcdc-a2bcf0 844->848 847->799 848->804 849->831 853 a2bdfa-a2be02 849->853 863 a2c05c 851->863 864 a2c01d-a2c031 851->864 852->851 853->831 858 a2be08-a2be10 853->858 858->831 861 a2be16-a2be25 
858->861 861->831 865 a2be2b-a2be67 UnmapViewOfFile MapViewOfFile 861->865 866 a2c060-a2c070 call a2b780 863->866 868 a2c033 864->868 869 a2c03b-a2c059 call a2c490 * 2 864->869 870 a2bf0d-a2bf10 865->870 871 a2be6d-a2be8d call a35196 865->871 882 a2c471-a2c476 call a29da0 866->882 883 a2c076-a2c0ae call a2cb00 866->883 868->863 875 a2c035-a2c039 868->875 869->863 870->794 880 a2be9f-a2bedd call a31ee0 call a317c0 UnmapViewOfFile 871->880 881 a2be8f-a2be9a 871->881 875->863 875->869 880->797 881->797 888 a2c47b-a2c485 call a29da0 882->888 897 a2c0b4-a2c0b9 883->897 898 a2c389-a2c39e 883->898 899 a2c0cb-a2c0e2 call a2c490 897->899 900 a2c0bb 897->900 901 a2c3a0-a2c3b0 898->901 902 a2c3b7-a2c3bc 898->902 917 a2c1a5-a2c1b9 call a2c490 899->917 918 a2c0e8-a2c108 899->918 903 a2c352-a2c367 900->903 904 a2c0c1-a2c0c5 900->904 925 a2c3b4 901->925 906 a2c3c7-a2c3dd call a2cb00 902->906 907 a2c3be 902->907 912 a2c369-a2c379 903->912 913 a2c37d-a2c381 903->913 904->899 904->903 923 a2c3f7-a2c3fa 906->923 924 a2c3df-a2c3f4 call a2c490 906->924 910 a2c3c0-a2c3c5 907->910 911 a2c3fc 907->911 910->906 921 a2c403-a2c405 910->921 919 a2c407-a2c420 call a2cb00 911->919 920 a2c3fe 911->920 912->913 913->866 916 a2c387 913->916 916->925 940 a2c1bf-a2c1df 917->940 941 a2c27c-a2c293 call a2c490 917->941 918->888 926 a2c10e-a2c110 918->926 932 a2c45a 919->932 942 a2c422-a2c455 call a2c490 * 3 919->942 928 a2c400 920->928 929 a2c457 920->929 921->919 921->929 923->911 924->923 925->902 933 a2c112-a2c114 926->933 934 a2c116-a2c123 call a35637 926->934 928->921 929->932 932->805 938 a2c125-a2c131 933->938 934->938 938->888 946 a2c137-a2c139 938->946 940->888 944 a2c1e5-a2c1e7 940->944 941->903 955 a2c299-a2c2b6 941->955 942->932 948 a2c1e9-a2c1eb 944->948 949 a2c1ed-a2c1fa call a35637 944->949 946->888 951 a2c13f-a2c153 946->951 953 a2c1fc-a2c208 948->953 949->953 956 a2c155-a2c166 call a2c8c0 951->956 957 a2c168 951->957 953->888 959 a2c20e-a2c210 953->959 955->888 963 a2c2bc-a2c2be 
955->963 961 a2c16b-a2c193 call a2cfb0 956->961 957->961 959->888 966 a2c216-a2c22a 959->966 961->888 980 a2c199-a2c1a1 961->980 969 a2c2c0-a2c2c2 963->969 970 a2c2c4-a2c2d1 call a35637 963->970 973 a2c23f 966->973 974 a2c22c-a2c23d call a2c8c0 966->974 971 a2c2d3-a2c2df 969->971 970->971 971->888 979 a2c2e5-a2c2e7 971->979 981 a2c242-a2c26a call a2cfb0 973->981 974->981 979->888 983 a2c2ed-a2c301 979->983 980->917 981->888 989 a2c270-a2c278 981->989 985 a2c303-a2c314 call a2c8c0 983->985 986 a2c316 983->986 990 a2c319-a2c343 call a2cfb0 985->990 986->990 989->941 990->888 994 a2c349-a2c34e 990->994 994->903
                                                                                                                                                                APIs
                                                                                                                                                                • GetVersion.KERNEL32(6CF146CE,00000000,00000000), ref: 00A2BBCD
                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemFirmwareTable), ref: 00A2BC00
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00A2BC07
                                                                                                                                                                • GetSystemFirmwareTable.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A2BC26
                                                                                                                                                                • GetSystemFirmwareTable.KERNELBASE ref: 00A2BCB9
                                                                                                                                                                • GetModuleHandleW.KERNEL32(ntdll.dll,NtOpenSection), ref: 00A2BD1B
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00A2BD22
                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,000F0000,00010000), ref: 00A2BD88
                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 00A2BE31
                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,?,?), ref: 00A2BE5A
                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 00A2BECA
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A2BF30
                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 00A2C466
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileView$HandleUnmap$AddressFirmwareModuleProcSystemTable$CloseVersion
                                                                                                                                                                • String ID: ,$@$GetSystemFirmwareTable$NtOpenSection$W$_DMI$_SM_$kernel32.dll$ntdll.dll
                                                                                                                                                                • API String ID: 26960555-752303837
                                                                                                                                                                • Opcode ID: 312fec6d99083f41b3249b564891889d5cf42178e667e3659759d7233e26fd7d
                                                                                                                                                                • Instruction ID: da9358c583680b9147981b747a42594e132668e428af3345f67e67638845ead9
                                                                                                                                                                • Opcode Fuzzy Hash: 312fec6d99083f41b3249b564891889d5cf42178e667e3659759d7233e26fd7d
                                                                                                                                                                • Instruction Fuzzy Hash: B852C175E00628AFCB10DFACDD45BAEBBB9BF49324F144129E945AB341D735AD02CB90

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                [control_flow_graph: function at a21930, nodes 995-1044; API calls labelled on the graph: FindResourceW, SizeofResource, LoadResource, LockResource, GlobalAlloc, GlobalLock, GlobalUnlock, CreateStreamOnHGlobal, GlobalFree, CoInitializeEx, CoCreateInstance, GetDC, CreateDIBSection, ReleaseDC, DeleteObject]
                                                                                                                                                                APIs
                                                                                                                                                                • FindResourceW.KERNEL32(00000000,?,PNG,?,?,?), ref: 00A21956
                                                                                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,?,?), ref: 00A21964
                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,?,?), ref: 00A2196F
                                                                                                                                                                • LockResource.KERNEL32(00000000,?,?,?), ref: 00A2197A
                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000002,?,?,?,?), ref: 00A2198B
                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00A21998
                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00A219B0
                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?), ref: 00A219BD
                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00A219CB
                                                                                                                                                                • CoInitializeEx.OLE32(00000000,00000000,?,?,?), ref: 00A219E6
                                                                                                                                                                • CoCreateInstance.OLE32(00A43EF4,00000000,00000001,00A4366C,?,?,?,?), ref: 00A21A06
                                                                                                                                                                • GetDC.USER32(00000000), ref: 00A21B3B
                                                                                                                                                                • CreateDIBSection.GDI32(00000000,00000028,00000000,00000000,00000000,00000000), ref: 00A21B52
                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00A21B5E
                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00A21B98
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Global$Resource$Create$Lock$AllocDeleteFindFreeInitializeInstanceLoadObjectReleaseSectionSizeofStreamUnlock
                                                                                                                                                                • String ID: ($PNG
                                                                                                                                                                • API String ID: 3552602207-4064097209
                                                                                                                                                                • Opcode ID: 64fc1063facee658cf55a50350ff4cbedbc712df12a1c1ff381c4aea1abbb521
                                                                                                                                                                • Instruction ID: 3987cb4ad4054ffa2aadfc1a5c73b51a4a9bea3ae623629891075ba081983256
                                                                                                                                                                • Opcode Fuzzy Hash: 64fc1063facee658cf55a50350ff4cbedbc712df12a1c1ff381c4aea1abbb521
                                                                                                                                                                • Instruction Fuzzy Hash: B491707AA01229AFDF00DFD9DC85BAEBBB8FF89700F104169E505A7250DB719E41CB90

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00A241D4
                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A241ED
                                                                                                                                                                • GetVersionExA.KERNEL32(0000009C,?,?,00989680,00000000), ref: 00A24217
                                                                                                                                                                • GetNativeSystemInfo.KERNELBASE(?), ref: 00A2422E
                                                                                                                                                                • wsprintfA.USER32 ref: 00A242DC
                                                                                                                                                                • wsprintfA.USER32 ref: 00A242FF
                                                                                                                                                                • lstrcatA.KERNEL32(?,?), ref: 00A24316
                                                                                                                                                                • lstrlenA.KERNEL32(?), ref: 00A2436E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: SystemTimewsprintf$FileInfoNativeUnothrow_t@std@@@Version__ehfuncinfo$??2@lstrcatlstrlen
                                                                                                                                                                • String ID: status=%08lxstatus_microstub=%08lx%08lx$AMD64$cookie=%lsedition=%ldevent=%smidex=%lsstat_session=%lsstatsSendTime=%I64dos=win,%d,%d,%d,%d,%d,%s%sexe_version=%lsSfxVersion=%ls$microstub$srv
                                                                                                                                                                • API String ID: 2179732243-3440893326
                                                                                                                                                                • Opcode ID: e3da54cdaead23c3deac8fccaecff47328720455d4c8565a1d5438e17f31409d
                                                                                                                                                                • Instruction ID: 2762750941d3fbd45eb8549a0a3f98e1abe28f419e6fcc5d634e61e40cc70ab5
                                                                                                                                                                • Opcode Fuzzy Hash: e3da54cdaead23c3deac8fccaecff47328720455d4c8565a1d5438e17f31409d
                                                                                                                                                                • Instruction Fuzzy Hash: C75161B6A00218AFCF60DFA4DC45B9ABBB9FF88305F0041E5E608A7151DB728E94DF54

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                control_flow_graph 1126 a238c0-a238f1 CreateFileMappingW 1127 a238f3-a238fb GetLastError 1126->1127 1128 a23900-a23914 MapViewOfFile 1126->1128 1129 a23996-a239b1 SetLastError call a30bbe 1127->1129 1130 a23920-a2392d FindResourceW 1128->1130 1131 a23916-a2391e GetLastError 1128->1131 1133 a2397f-a23985 GetLastError 1130->1133 1134 a2392f-a23939 LoadResource 1130->1134 1132 a2398e-a23995 CloseHandle 1131->1132 1132->1129 1137 a23987-a23988 UnmapViewOfFile 1133->1137 1134->1133 1136 a2393b-a23953 call a30602 1134->1136 1136->1133 1141 a23955-a2397d wsprintfW 1136->1141 1137->1132 1141->1137
                                                                                                                                                                APIs
                                                                                                                                                                • CreateFileMappingW.KERNELBASE(?,00000000,01000002,00000000,00000000,00000000,?), ref: 00A238E7
                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A238F3
                                                                                                                                                                • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?), ref: 00A2390A
                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A23916
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A2398F
                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 00A23997
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$File$CloseCreateHandleMappingView
                                                                                                                                                                • String ID: %d.%d.%d.%d
                                                                                                                                                                • API String ID: 1867540158-3491811756
                                                                                                                                                                • Opcode ID: 8ed08434bee34a62d028e16cae551426ad588a21882139e475fd1fa476cf8c88
                                                                                                                                                                • Instruction ID: 540f6f7de04fe33e42d7c1efc463f872d95cf635630d3af30bed83a4b51ec5c9
                                                                                                                                                                • Opcode Fuzzy Hash: 8ed08434bee34a62d028e16cae551426ad588a21882139e475fd1fa476cf8c88
                                                                                                                                                                • Instruction Fuzzy Hash: 9621C37A600214BBDF209BA99C19FBBBB7CEF87B51F104159F906D2280DBB58A41C760

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                control_flow_graph 1349 a2a100-a2a148 call a2b780 1352 a2a4b7-a2a4bc call a29da0 1349->1352 1353 a2a14e-a2a1b7 GetVersion call a29ff0 CreateFileW 1349->1353 1356 a2a4c1-a2a4c6 call a29da0 1352->1356 1364 a2a1c7-a2a1db call a35196 1353->1364 1365 a2a1b9-a2a1c2 GetLastError 1353->1365 1359 a2a4cb-a2a4d0 call a29da0 1356->1359 1363 a2a4d5-a2a4da call a2cc40 1359->1363 1372 a2a1e9-a2a229 call a31ee0 DeviceIoControl 1364->1372 1373 a2a1dd-a2a1e4 1364->1373 1367 a2a46e-a2a482 call a35191 1365->1367 1375 a2a484-a2a494 1367->1375 1376 a2a498-a2a4b6 call a30bbe 1367->1376 1381 a2a22b-a2a234 GetLastError 1372->1381 1382 a2a239-a2a23e 1372->1382 1377 a2a465-a2a468 CloseHandle 1373->1377 1375->1376 1377->1367 1381->1377 1385 a2a244-a2a247 1382->1385 1386 a2a45e 1382->1386 1385->1386 1387 a2a24d-a2a252 1385->1387 1386->1377 1388 a2a41b-a2a420 1387->1388 1389 a2a258 1387->1389 1392 a2a422-a2a436 call a2cb70 call a2cc50 1388->1392 1393 a2a438-a2a43d 1388->1393 1390 a2a265-a2a273 call a2b780 1389->1390 1391 a2a25a-a2a25f 1389->1391 1390->1356 1402 a2a279-a2a29b 1390->1402 1391->1388 1391->1390 1392->1377 1395 a2a440-a2a445 1393->1395 1395->1395 1398 a2a447-a2a45c call a2cb70 call a2cc50 1395->1398 1398->1377 1402->1359 1409 a2a2a1-a2a2b0 1402->1409 1410 a2a2b2-a2a2bb call a2c8c0 1409->1410 1411 a2a2be-a2a2d7 call a2cdd0 1409->1411 1410->1411 1416 a2a2d9-a2a2db 1411->1416 1417 a2a2dd-a2a2eb call a35637 1411->1417 1418 a2a2f1-a2a2f4 1416->1418 1417->1359 1417->1418 1418->1359 1421 a2a2fa-a2a30e 1418->1421 1422 a2a3e2-a2a3f3 1421->1422 1423 a2a314-a2a321 1421->1423 1424 a2a3f5-a2a40b 1422->1424 1425 a2a40e-a2a419 call a2cc50 1422->1425 1426 a2a3d7-a2a3dd call a2cb70 1423->1426 1427 a2a327-a2a32e 1423->1427 1424->1425 1425->1377 1426->1422 1427->1426 1430 a2a334-a2a354 1427->1430 1436 a2a362-a2a37f 1430->1436 1437 a2a356-a2a358 1430->1437 1436->1363 1444 a2a385-a2a39e call a2cfb0 1436->1444 1437->1436 1438 a2a35a-a2a360 1437->1438 1439 a2a3a1-a2a3ae 1438->1439 1441 a2a3b0-a2a3c7 1439->1441 1442 a2a3ca-a2a3d5 1439->1442 1441->1442 1442->1422 1444->1439
                                                                                                                                                                APIs
                                                                                                                                                                • GetVersion.KERNEL32 ref: 00A2A180
                                                                                                                                                                • CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00A2A1A9
                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A2A1B9
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A2A468
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseCreateErrorFileHandleLastVersion
                                                                                                                                                                • String ID: SCSIDISK$\\.\PhysicalDrive%u$\\.\Scsi%u:
                                                                                                                                                                • API String ID: 1515857667-131545429
                                                                                                                                                                • Opcode ID: 9ab918fdf2f224408245b53b8782a65d0e2c0b6a011e8c622b0283c227983936
                                                                                                                                                                • Instruction ID: bb7f45390c4c0dde30ecb67893a331b62707b3f460f1890738e6449e1220ddf0
                                                                                                                                                                • Opcode Fuzzy Hash: 9ab918fdf2f224408245b53b8782a65d0e2c0b6a011e8c622b0283c227983936
                                                                                                                                                                • Instruction Fuzzy Hash: FFC1BE75A00228DFDF04DFA8E985AADB7B5FF58310F148169E806AB351DB71ED01CBA1

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                control_flow_graph 1449 a28dc0-a28e4b call a31ee0 call a27fe0 1454 a28e5c-a28e75 CryptAcquireContextA 1449->1454 1455 a28e4d-a28e56 lstrcatA 1449->1455 1456 a28ea7-a28ed4 GetLastError call a27da0 call a3203a 1454->1456 1457 a28e77-a28e80 1454->1457 1455->1454 1466 a28ed6-a28ed9 CryptReleaseContext 1456->1466 1467 a28edf 1456->1467 1459 a28e82-a28e85 CryptReleaseContext 1457->1459 1460 a28e8b-a28ea6 call a30bbe 1457->1460 1459->1460 1466->1467
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00A27FE0: GetVersionExW.KERNEL32(?), ref: 00A28004
                                                                                                                                                                • lstrcatA.KERNEL32(?, (Prototype),?,6CF146CE,?), ref: 00A28E56
                                                                                                                                                                • CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,6CF146CE,?), ref: 00A28E6D
                                                                                                                                                                • CryptReleaseContext.ADVAPI32(00000000,00000000,?,6CF146CE,?), ref: 00A28E85
                                                                                                                                                                • GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,6CF146CE,?), ref: 00A28EAC
                                                                                                                                                                  • Part of subcall function 00A27DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00A27DD8
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A28ECA
                                                                                                                                                                  • Part of subcall function 00A3203A: RaiseException.KERNEL32(?,?,00A28071,?,?,?,?,?,?,?,?,00A28071,?,00A4B144,00000000), ref: 00A3209A
                                                                                                                                                                • CryptReleaseContext.ADVAPI32(00000000,00000000,?,00A4B144,00000000,?,6CF146CE,?), ref: 00A28ED9
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ContextCrypt$Release$AcquireErrorExceptionException@8LastRaiseThrowVersion___std_exception_copylstrcat
                                                                                                                                                                • String ID: (Prototype)$Unable to acquire cryptographic provider!$vider
                                                                                                                                                                • API String ID: 2041426586-155044149
                                                                                                                                                                • Opcode ID: 69ef8961f903af42d00b1ff86b45f95fb0d3627f91fe8be8b162f643aa3c42f8
                                                                                                                                                                • Instruction ID: 6c54e9eeb3d611ad98011d9d44c46cef500a5db59de70de637ca6c6868c01034
                                                                                                                                                                • Opcode Fuzzy Hash: 69ef8961f903af42d00b1ff86b45f95fb0d3627f91fe8be8b162f643aa3c42f8
                                                                                                                                                                • Instruction Fuzzy Hash: 3A318479D04258ABDF20DFE8DD45BAEB7B8FB49700F104629F904E3251EB719645CB50
                                                                                                                                                                APIs
                                                                                                                                                                • CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00A28378,0000800C,6CF146CE,?), ref: 00A29470
                                                                                                                                                                • CryptDestroyHash.ADVAPI32(?,00000000), ref: 00A29489
                                                                                                                                                                • GetLastError.KERNEL32(Unable to create hash context!), ref: 00A294A4
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A294BC
                                                                                                                                                                Strings
                                                                                                                                                                • Unable to create hash context!, xrefs: 00A2949F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CryptHash$CreateDestroyErrorException@8LastThrow
                                                                                                                                                                • String ID: Unable to create hash context!
                                                                                                                                                                • API String ID: 1323042765-1944974401
                                                                                                                                                                • Opcode ID: 16f8cf22b8dd1bdd8036825fa22340595e2b4a1f777e0053bf72d43717ea85d4
                                                                                                                                                                • Instruction ID: 2519a69b94fde7f7848b2d08b328a96460e05c3cef47d2909803791fb7385436
                                                                                                                                                                • Opcode Fuzzy Hash: 16f8cf22b8dd1bdd8036825fa22340595e2b4a1f777e0053bf72d43717ea85d4
                                                                                                                                                                • Instruction Fuzzy Hash: 0F018679500208BFDB24EFA4DD06FAE7BB8FF45700F404569B942A7150DB31AE05CB90
                                                                                                                                                                APIs
                                                                                                                                                                • CryptGenRandom.ADVAPI32(00000008,00A29209,6CF146CE,?,00A29209,0000800C,?,?,00A4B144,00000000,?,?,?,?,00A42269,000000FF), ref: 00A292A8
                                                                                                                                                                • GetLastError.KERNEL32(Unable to generate random number!,?,00A29209,0000800C,?,?,00A4B144,00000000,?,?,?,?,00A42269,000000FF), ref: 00A29320
                                                                                                                                                                  • Part of subcall function 00A27DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00A27DD8
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A29338
                                                                                                                                                                  • Part of subcall function 00A3203A: RaiseException.KERNEL32(?,?,00A28071,?,?,?,?,?,?,?,?,00A28071,?,00A4B144,00000000), ref: 00A3209A
                                                                                                                                                                Strings
                                                                                                                                                                • Unable to generate random number!, xrefs: 00A2931B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CryptErrorExceptionException@8LastRaiseRandomThrow___std_exception_copy
                                                                                                                                                                • String ID: Unable to generate random number!
                                                                                                                                                                • API String ID: 4207938790-1854326980
                                                                                                                                                                • Opcode ID: efe1b9c55704209346ec82d2c79542b6e90827c48a640c5f4511ffea9121635f
                                                                                                                                                                • Instruction ID: b68c5c7296bc324984e7b72acec57497298aa9347105fada3eb92da7781f9f47
                                                                                                                                                                • Opcode Fuzzy Hash: efe1b9c55704209346ec82d2c79542b6e90827c48a640c5f4511ffea9121635f
                                                                                                                                                                • Instruction Fuzzy Hash: 9521D479A40258EBCB14DFA8ED42FAEB778FB49710F100B29F612A72C1DB306940CB51
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00A2B780: GetProcessHeap.KERNEL32(00A25644), ref: 00A2B7DC
                                                                                                                                                                  • Part of subcall function 00A28DC0: lstrcatA.KERNEL32(?, (Prototype),?,6CF146CE,?), ref: 00A28E56
                                                                                                                                                                  • Part of subcall function 00A28DC0: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,6CF146CE,?), ref: 00A28E6D
                                                                                                                                                                  • Part of subcall function 00A28DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,6CF146CE,?), ref: 00A28E85
                                                                                                                                                                  • Part of subcall function 00A29450: CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00A28378,0000800C,6CF146CE,?), ref: 00A29470
                                                                                                                                                                  • Part of subcall function 00A29450: CryptDestroyHash.ADVAPI32(?,00000000), ref: 00A29489
                                                                                                                                                                  • Part of subcall function 00A28DC0: GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,6CF146CE,?), ref: 00A28EAC
                                                                                                                                                                  • Part of subcall function 00A28DC0: __CxxThrowException@8.LIBVCRUNTIME ref: 00A28ECA
                                                                                                                                                                  • Part of subcall function 00A28DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,00A4B144,00000000,?,6CF146CE,?), ref: 00A28ED9
                                                                                                                                                                  • Part of subcall function 00A29450: GetLastError.KERNEL32(Unable to create hash context!), ref: 00A294A4
                                                                                                                                                                  • Part of subcall function 00A29450: __CxxThrowException@8.LIBVCRUNTIME ref: 00A294BC
                                                                                                                                                                  • Part of subcall function 00A2C500: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00A2C5FD
                                                                                                                                                                  • Part of subcall function 00A2C500: GetLastError.KERNEL32(?,?,?,?,00A42548), ref: 00A2C607
                                                                                                                                                                  • Part of subcall function 00A29340: CryptGetHashParam.ADVAPI32(?,00000004,0000800C,00A28744,00000000,6CF146CE,?,?,?,00000000), ref: 00A29395
                                                                                                                                                                  • Part of subcall function 00A29340: CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 00A293DC
                                                                                                                                                                • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 00A2B5EF
                                                                                                                                                                • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 00A2B623
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Crypt$Hash$ContextDestroyErrorLast$Exception@8ParamReleaseThrow$AcquireCreateDirectoryHeapProcessSystemlstrcat
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2781682779-0
                                                                                                                                                                • Opcode ID: ef83d5b273cfb1e3426ed18919af8679687eb75c933186c15ee500349547c6fe
                                                                                                                                                                • Instruction ID: 07966a6426e3d0ea20f9a14955a1bc0aa4aa94b2a9d98170982d1a8e27120733
                                                                                                                                                                • Opcode Fuzzy Hash: ef83d5b273cfb1e3426ed18919af8679687eb75c933186c15ee500349547c6fe
                                                                                                                                                                • Instruction Fuzzy Hash: A712A135D012688FDB21DB68CD44BDEB7B5AF45314F1442EAD809A7382DB35AE84CFA1
                                                                                                                                                                APIs
                                                                                                                                                                • CryptDestroyHash.ADVAPI32(00000000,?,?,?,00000000,00000004,?,00A28744,0000800C,6CF146CE,?), ref: 00A283CB
                                                                                                                                                                  • Part of subcall function 00A29020: CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,6CF146CE,?,?,00A28744,?,?,?,?,00A42269,000000FF), ref: 00A29088
                                                                                                                                                                  • Part of subcall function 00A29020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00A42269,000000FF), ref: 00A290A4
                                                                                                                                                                  • Part of subcall function 00A29020: CryptHashData.ADVAPI32(?,?,6CF146CE,00000000,?,?,?,?,00A42269,000000FF), ref: 00A290BB
                                                                                                                                                                  • Part of subcall function 00A29020: CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,00A42269,000000FF), ref: 00A290E4
                                                                                                                                                                  • Part of subcall function 00A29020: CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,00A42269,000000FF), ref: 00A29128
                                                                                                                                                                  • Part of subcall function 00A29020: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00A42269,000000FF), ref: 00A2913E
                                                                                                                                                                  • Part of subcall function 00A29020: CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,00A42269,000000FF), ref: 00A2914E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Crypt$Hash$Destroy$Param$ContextCreateDataRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2857581251-0
                                                                                                                                                                • Opcode ID: 031a6e519b925237224c5ad09f406cfa49ac34c387a66692f53d9ba312b35d7a
                                                                                                                                                                • Instruction ID: 85aa95bc17ca9407ff5ea680447fdd368ea888fd6524c5e46958546b6817b34f
                                                                                                                                                                • Opcode Fuzzy Hash: 031a6e519b925237224c5ad09f406cfa49ac34c387a66692f53d9ba312b35d7a
                                                                                                                                                                • Instruction Fuzzy Hash: EC3120B5D01219ABDB10EF98D982BEFBB78FF54714F004129F915B7281DB74AA04CBA0


                                                                                                                                                                APIs
                                                                                                                                                                • OpenProcessToken.ADVAPI32(00A254E2,00000008,?,6CF146CE,?,00000000), ref: 00A27EAC
                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00A420C0), ref: 00A27ED9
                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00A27F15
                                                                                                                                                                • IsValidSid.ADVAPI32 ref: 00A27F22
                                                                                                                                                                • GetSidSubAuthorityCount.ADVAPI32 ref: 00A27F31
                                                                                                                                                                • GetSidSubAuthority.ADVAPI32(?,?), ref: 00A27F3D
                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00A27F4F
                                                                                                                                                                • GetLastError.KERNEL32(Unable to open process token!), ref: 00A27F78
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A27F90
                                                                                                                                                                • GetLastError.KERNEL32(Unable to retrieve process mandatory label!,?,00A4B144,00000000), ref: 00A27F9A
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A27FB2
                                                                                                                                                                • GetLastError.KERNEL32(Unable to verify mandatory label!,?,00A4B144,00000000), ref: 00A27FBC
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A27FD4
                                                                                                                                                                Strings
                                                                                                                                                                • Unable to retrieve process mandatory label!, xrefs: 00A27F95
                                                                                                                                                                • Unable to open process token!, xrefs: 00A27F73
                                                                                                                                                                • Unable to verify mandatory label!, xrefs: 00A27FB7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorException@8LastThrowToken$AuthorityInformation$CloseCountHandleOpenProcessValid
                                                                                                                                                                • String ID: Unable to open process token!$Unable to retrieve process mandatory label!$Unable to verify mandatory label!
                                                                                                                                                                • API String ID: 492105640-3458634299
                                                                                                                                                                • Opcode ID: b1470f8f86f4ebec059796f97915ee52b0cd2da7d87742ca94d59c6f61e2ef68
                                                                                                                                                                • Instruction ID: 0ee1c023241c61b928e70f31095a07fcb6ebd9043253fc7e09247ecff6893650
                                                                                                                                                                • Opcode Fuzzy Hash: b1470f8f86f4ebec059796f97915ee52b0cd2da7d87742ca94d59c6f61e2ef68
                                                                                                                                                                • Instruction Fuzzy Hash: 834162B9904219BFDB14DFA4DD45FAEB7B8FF89700F104629F502E2190DB759A05CB60

                                                                                                                                                                Control-flow Graph (first block a21d90-a21dde)
                                                                                                                                                                APIs
                                                                                                                                                                • GetObjectW.GDI32(00000000,00000018,?), ref: 00A21E04
                                                                                                                                                                • LoadImageW.USER32(00000000,00000064,00000001,00000000,00000000,00000040), ref: 00A21E51
                                                                                                                                                                • LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00A21E6C
                                                                                                                                                                • CreatePatternBrush.GDI32(00000000), ref: 00A21E76
                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(00000032), ref: 00A21E98
                                                                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 00A21EA2
                                                                                                                                                                • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00A21EB2
                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00A21EC5
                                                                                                                                                                • RegisterClassExW.USER32(?), ref: 00A21F0F
                                                                                                                                                                • CreateWindowExW.USER32(00000000,?,00000000,90080000,?,?,?,?,00000000,00000000,?,?), ref: 00A21F38
                                                                                                                                                                • InterlockedExchange.KERNEL32(?,00000000), ref: 00A21F40
                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00A21F5A
                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 00A21F6D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ImageLoad$CallbackCreateDispatcherSystemUser$BrushClassDispatchExchangeInfoInterlockedMessageMetricsObjectParametersPatternRegisterWindow
                                                                                                                                                                • String ID: 0
                                                                                                                                                                • API String ID: 2747924374-4108050209
                                                                                                                                                                • Opcode ID: 3acb57682f345cf659bec62125905339620aeaa02698807f961dd9de6f5e71c2
                                                                                                                                                                • Instruction ID: e28546fb900bac45fe628a56470b65af2aae000496b2235f4b5c4decaa0c1c6f
                                                                                                                                                                • Opcode Fuzzy Hash: 3acb57682f345cf659bec62125905339620aeaa02698807f961dd9de6f5e71c2
                                                                                                                                                                • Instruction Fuzzy Hash: BA514E75A40318AFEB20CFE8DD49BAEBBB8FB45700F144129F615AB2D0D7B55905CB50

                                                                                                                                                                Control-flow Graph (first block a21020-a2103c)
                                                                                                                                                                APIs
                                                                                                                                                                • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 00A21029
                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00A21034
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00A21044
                                                                                                                                                                • SetDllDirectoryW.KERNEL32(00A435D4), ref: 00A21068
                                                                                                                                                                • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00A21073
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,LdrEnumerateLoadedModules), ref: 00A21083
                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00A210A4
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00A210C0
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00A210E4
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00A210F0
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExitProcess$AddressHandleModuleProc$DirectoryFeatureHeapInformationPresentProcessor
                                                                                                                                                                • String ID: LdrEnumerateLoadedModules$SetDefaultDllDirectories$kernel32.dll$ntdll.dll
                                                                                                                                                                • API String ID: 1484830609-1451921263
                                                                                                                                                                • Opcode ID: 431d47b68f6cc1964f8f56aa7fd417885960a504936a7fc8034ef3603e5ce1d1
                                                                                                                                                                • Instruction ID: 85dff967fb87e039da673f88c7f05627882ac385c1fe2cf73ab8a45629fdc50f
                                                                                                                                                                • Opcode Fuzzy Hash: 431d47b68f6cc1964f8f56aa7fd417885960a504936a7fc8034ef3603e5ce1d1
                                                                                                                                                                • Instruction Fuzzy Hash: 6F11217EB843617BDE30A7F5BD1FB1D39186FA2B42F104530FA05A51D0DE928A414A96

                                                                                                                                                                Control-flow Graph (first block a23190-a231b9)
                                                                                                                                                                APIs
                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(?,00000020,?,?,?), ref: 00A231B1
                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU),00000001,?,00000000), ref: 00A231DA
                                                                                                                                                                • wsprintfW.USER32 ref: 00A23201
                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,?), ref: 00A2320F
                                                                                                                                                                • wsprintfW.USER32 ref: 00A23228
                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,?), ref: 00A23236
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?), ref: 00A23240
                                                                                                                                                                • LocalFree.KERNEL32(?,?,?,?), ref: 00A23250
                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?,?), ref: 00A23257
                                                                                                                                                                  • Part of subcall function 00A29250: CryptGenRandom.ADVAPI32(00000008,00A29209,6CF146CE,?,00A29209,0000800C,?,?,00A4B144,00000000,?,?,?,?,00A42269,000000FF), ref: 00A292A8
                                                                                                                                                                Strings
                                                                                                                                                                • %s\Temp\asw.%08x%08x, xrefs: 00A231F1
                                                                                                                                                                • D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU), xrefs: 00A231D5
                                                                                                                                                                • %c:\asw.%08x%08x, xrefs: 00A23222
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Directory$CreateDescriptorErrorLastSecuritywsprintf$ConvertCryptFreeLocalRandomStringWindows
                                                                                                                                                                • String ID: %c:\asw.%08x%08x$%s\Temp\asw.%08x%08x$D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU)
                                                                                                                                                                • API String ID: 1345463893-1526440225
                                                                                                                                                                • Opcode ID: 900890511029675ac2d9aaa39999f5badc6ee671c66e5b111e2d02923df50e75
                                                                                                                                                                • Instruction ID: b3c34fcdba9f4b383d5b55e8fc90757bd7b4eb86904cdf2d7e447cf4b50cd0cb
                                                                                                                                                                • Opcode Fuzzy Hash: 900890511029675ac2d9aaa39999f5badc6ee671c66e5b111e2d02923df50e75
                                                                                                                                                                • Instruction Fuzzy Hash: 6D2171B6A00218BBDF10DFE89D45DEEBBBCEF86B41F140125F905E6100D7359E468B61

                                                                                                                                                                Control-flow Graph (first block a28520-a28560)
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ASWS$ASWS$ASWS$Unable to read signature!$ig2A$ig2A
                                                                                                                                                                • API String ID: 0-1997839495
                                                                                                                                                                • Opcode ID: 8c820aef3806086794bd256802adb82255eef0d18a7689a0e4f045034dbd4c0b
                                                                                                                                                                • Instruction ID: 14e1a5aee6f5e956aab7cbe656252d40dbff9976b4e4adf7330125547bbed98f
                                                                                                                                                                • Opcode Fuzzy Hash: 8c820aef3806086794bd256802adb82255eef0d18a7689a0e4f045034dbd4c0b
                                                                                                                                                                • Instruction Fuzzy Hash: 4891D2709012289BDF14DFACEA85BADB774FF45704F608139F401B7181DB79AA44CB95

                                                                                                                                                                APIs
                                                                                                                                                                • GetFileSizeEx.KERNEL32(?,00A42160,6CF146CE,?,?,?,?,?,00000000,00A42160,000000FF,?,00A226F7,?,00000000), ref: 00A28443
                                                                                                                                                                • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000,?,?,00000000,00A42160), ref: 00A2847C
                                                                                                                                                                • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,?,00000000,00A42160), ref: 00A284A2
                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,?,00000000,00A42160), ref: 00A284CE
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00A42160), ref: 00A284D5
                                                                                                                                                                • GetLastError.KERNEL32(Unable to determine file size!,?,?,00000000,00A42160,000000FF,?,00A226F7,?,00000000), ref: 00A284FE
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A28516
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$View$CloseCreateErrorException@8HandleLastMappingSizeThrowUnmap
                                                                                                                                                                • String ID: Unable to determine file size!$Unable to open file mapping!$Unable to process files over 1GB!
                                                                                                                                                                • API String ID: 3729524651-729644499
                                                                                                                                                                • Opcode ID: 0a31dcd052c5ccf8a3d17e15c98e6932e7f5f9bb11ac545b6ae78d11ec7588ab
                                                                                                                                                                • Instruction ID: bb7b2a4daf3b898eeb634ea3b454ef3363059b7d09199e18a4b0d4be4a2cb15d
                                                                                                                                                                • Opcode Fuzzy Hash: 0a31dcd052c5ccf8a3d17e15c98e6932e7f5f9bb11ac545b6ae78d11ec7588ab
                                                                                                                                                                • Instruction Fuzzy Hash: A431B93A941225BBDF21DF98EC06FEF7B74FB85B10F104129F911B6280DB74560587A4

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00A2B780: GetProcessHeap.KERNEL32(00A25644), ref: 00A2B7DC
                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00A2C5FD
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00A42548), ref: 00A2C607
                                                                                                                                                                • GetVolumePathNameW.KERNELBASE(?,00000010,00000104,?,?,?,?,?,00A42548), ref: 00A2C67E
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,00A42548), ref: 00A2C688
                                                                                                                                                                • GetVolumeNameForVolumeMountPointW.KERNELBASE(00000010,00000010,00000104,?,?,?,?,?,?,?,00A42548), ref: 00A2C6EC
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,00A42548), ref: 00A2C6F6
                                                                                                                                                                • CreateFileW.KERNELBASE(00000010,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 00A2C7AB
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00A42548), ref: 00A2C7B8
                                                                                                                                                                • DeviceIoControl.KERNELBASE(00000000,002D1080,00000000,00000000,?,0000000C,00000000,00000000), ref: 00A2C7D9
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00A42548), ref: 00A2C7E3
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00A42548), ref: 00A2C7F7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$Volume$Name$CloseControlCreateDeviceDirectoryFileHandleHeapMountPathPointProcessSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 204137380-0
                                                                                                                                                                • Opcode ID: 81e2e8cd43a3641e189b817083252538b54246ee1551b8f635d335bf30083744
                                                                                                                                                                • Instruction ID: a4160e116dba4d79a00187f1353b7096b0c6f80d17a51940eb2a5fb3d9c9754d
                                                                                                                                                                • Opcode Fuzzy Hash: 81e2e8cd43a3641e189b817083252538b54246ee1551b8f635d335bf30083744
                                                                                                                                                                • Instruction Fuzzy Hash: 44B1A039A006259FDB14DFACE989BADB7B5EF88720F144129E902E7390DB71AD01CF50
                                                                                                                                                                APIs
                                                                                                                                                                • FindResourceW.KERNEL32(00A20000,?,0000000A,.edat,00000005,?,?,?,?,00000000,?,?,00000000), ref: 00A230A3
                                                                                                                                                                • LoadResource.KERNEL32(00A20000,00000000,?,?,00000000,?,?,00000000), ref: 00A230B5
                                                                                                                                                                • SizeofResource.KERNEL32(00A20000,00000000,?,?,00000000,?,?,00000000), ref: 00A230C3
                                                                                                                                                                • CreateFileW.KERNELBASE(?,00000004,00000001,00000000,00000002,00000080,00000000,?,?,00000000,?,?,00000000), ref: 00A230EE
                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,00000000), ref: 00A2310B
                                                                                                                                                                • CloseHandle.KERNELBASE(00000000,?,?,00000000,?,?,00000000), ref: 00A23112
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Resource$File$CloseCreateFindHandleLoadSizeofWrite
                                                                                                                                                                • String ID: .edat$EDAT_
                                                                                                                                                                • API String ID: 2436039785-3242799629
                                                                                                                                                                • Opcode ID: 3201d51052c6ca76f69589cdd6b608335222b38ae630759b5d112238650227a7
                                                                                                                                                                • Instruction ID: f5a4f572d27ba616d11b47ce0c5733c86d43fcfac40ee4c92bd4b9d05e922505
                                                                                                                                                                • Opcode Fuzzy Hash: 3201d51052c6ca76f69589cdd6b608335222b38ae630759b5d112238650227a7
                                                                                                                                                                • Instruction Fuzzy Hash: 08A1D676E00215ABCF14DFACDC95BEEB7B5EF49700F158239E912A7281D7349A05CBA0
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • &t=screenview&cd=%s, xrefs: 00A24046
                                                                                                                                                                • &t=event&ec=microstub&ea=error&el=%08lx%08lx, xrefs: 00A24081
                                                                                                                                                                • v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s, xrefs: 00A240B0
                                                                                                                                                                • &t=event&ec=microstub&ea=ok&el=%08lx, xrefs: 00A24066
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$lstrlen
                                                                                                                                                                • String ID: &t=event&ec=microstub&ea=error&el=%08lx%08lx$&t=event&ec=microstub&ea=ok&el=%08lx$&t=screenview&cd=%s$v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s
                                                                                                                                                                • API String ID: 217384638-4207265834
                                                                                                                                                                • Opcode ID: 8212a7672e8e07bbcc1e9bfc677ea75eed1a658f392fd3f5e6e519f5e6c63c15
                                                                                                                                                                • Instruction ID: 009ee95cf314ed108a883a19fc87e9564fbe97705d130aeba6adad46da820aab
                                                                                                                                                                • Opcode Fuzzy Hash: 8212a7672e8e07bbcc1e9bfc677ea75eed1a658f392fd3f5e6e519f5e6c63c15
                                                                                                                                                                • Instruction Fuzzy Hash: D731B4B6D00219ABCF20DF64DC05B8AB7B8FF59310F0041E5A609E3241EB71AB94CF95
                                                                                                                                                                APIs
                                                                                                                                                                • FindResourceW.KERNEL32(00A20000,00000001,00000010), ref: 00A239F1
                                                                                                                                                                • LoadResource.KERNEL32(00A20000,00000000), ref: 00A23A01
                                                                                                                                                                • wsprintfW.USER32 ref: 00A23A52
                                                                                                                                                                Strings
                                                                                                                                                                • \StringFileInfo\040904b0\SubEdition, xrefs: 00A23A8F
                                                                                                                                                                • %d.%d.%d.%d, xrefs: 00A23A4A
                                                                                                                                                                • \StringFileInfo\040904b0\Edition, xrefs: 00A23A67
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Resource$FindLoadwsprintf
                                                                                                                                                                • String ID: %d.%d.%d.%d$\StringFileInfo\040904b0\Edition$\StringFileInfo\040904b0\SubEdition
                                                                                                                                                                • API String ID: 1667977947-3794282237
                                                                                                                                                                • Opcode ID: 070b79dfd8b7996d0cb1c50f03839f95943072c9cbc54c09aa0007ddb318ed2a
                                                                                                                                                                • Instruction ID: bc8525244c7e1a9161ba813374b25d2ace401f8a4b52b89e27739d5796d74e15
                                                                                                                                                                • Opcode Fuzzy Hash: 070b79dfd8b7996d0cb1c50f03839f95943072c9cbc54c09aa0007ddb318ed2a
                                                                                                                                                                • Instruction Fuzzy Hash: C6316B76A00219ABDF10DF99DC42ABFB7A8EF89700F140069F905E6241EB76DA0587A0
                                                                                                                                                                APIs
                                                                                                                                                                • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000), ref: 00A22506
                                                                                                                                                                • SetEndOfFile.KERNELBASE(?), ref: 00A22511
                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A2251B
                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A22550
                                                                                                                                                                • Sleep.KERNEL32(000003E8,00000000), ref: 00A22574
                                                                                                                                                                • SetLastError.KERNEL32(00000000,00000000), ref: 00A22585
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$File$PointerSleep
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3209234422-0
                                                                                                                                                                • Opcode ID: d69e8b819f19a727d1222667563b732465619e42533b1e2802a79859b49a56aa
                                                                                                                                                                • Instruction ID: 6bb06f90e8f9a5c3c1bd0b6e7a4ee6c34536c75a3b8bbe60ddfa3b275529fcbe
                                                                                                                                                                • Opcode Fuzzy Hash: d69e8b819f19a727d1222667563b732465619e42533b1e2802a79859b49a56aa
                                                                                                                                                                • Instruction Fuzzy Hash: C131AD79D00229ABDF10DFA9E8547EEBBB4FF89310F14822AEC15A3350DB358941CB91
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNELBASE(wintrust.dll,?,?,00A4B144,00000000), ref: 00A28136
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 00A28149
                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,?,?,00A4B144,00000000), ref: 00A28152
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                • String ID: CryptCATAdminAcquireContext2$wintrust.dll
                                                                                                                                                                • API String ID: 145871493-3385133079
                                                                                                                                                                • Opcode ID: c08813eb631a993ed12489ff40820d91c1367bd755cce1963ea177d9856d514d
                                                                                                                                                                • Instruction ID: 2eee18891f92aa4ca7e5245d8a8d3898408f331b36efe3423a379f7ff07a3b27
                                                                                                                                                                • Opcode Fuzzy Hash: c08813eb631a993ed12489ff40820d91c1367bd755cce1963ea177d9856d514d
                                                                                                                                                                • Instruction Fuzzy Hash: 65D05E3F600631774E202BEC7C0DA8B6B64ADC7EA131A0769F40196158CAA58883A150
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,?,00A2B45F), ref: 00A2B99D
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000010,00000000,?,00A2B45F), ref: 00A2B9D6
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,00000000,00000000,?,00A2B45F), ref: 00A2BA89
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,00A2B45F,00000000,00000000,00000000,?,00A2B45F), ref: 00A2BAC7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 626452242-0
                                                                                                                                                                • Opcode ID: 3a870518f5e3e9e03c8fe96d829f767923a281764ef2eb8d0665349341ba7f10
                                                                                                                                                                • Instruction ID: bcaafb34681a6eb3c9ee6ee7ab18be5bc66a7877e625a97725455239d51ca828
                                                                                                                                                                • Opcode Fuzzy Hash: 3a870518f5e3e9e03c8fe96d829f767923a281764ef2eb8d0665349341ba7f10
                                                                                                                                                                • Instruction Fuzzy Hash: F891C135A10215DFDB10CF6CE884BADBBB5FF85310F244169E915AB391DB71AE42CBA0
                                                                                                                                                                APIs
                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_00004020,?,00000000,?), ref: 00A2440A
                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00A24415
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseCreateHandleThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3032276028-0
                                                                                                                                                                • Opcode ID: a7daa675ef079e40e3e8778e02469c5a8defec98f1ad20c09c8ddc15f66d18bd
                                                                                                                                                                • Instruction ID: 633133846be295b53d2d086c5b3c92db6bfcef14a0697b3cdd8b60d9c51d1d99
                                                                                                                                                                • Opcode Fuzzy Hash: a7daa675ef079e40e3e8778e02469c5a8defec98f1ad20c09c8ddc15f66d18bd
                                                                                                                                                                • Instruction Fuzzy Hash: DAF08278640208BFDB14EFA8EC09B6D77B4FB88701F400168F905961D1DAB16A45CB50
                                                                                                                                                                APIs
                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_000041B0,?,00000000,?), ref: 00A2446A
                                                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 00A24475
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseCreateHandleThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3032276028-0
                                                                                                                                                                • Opcode ID: 7fed2d30c59f18dd5e972d7e5043f484028968a040452828b9ca0787e89c4d77
                                                                                                                                                                • Instruction ID: 7b807464814af1505d41812cbd3a6ec9fab445d9058c655e5eea007d951ff263
                                                                                                                                                                • Opcode Fuzzy Hash: 7fed2d30c59f18dd5e972d7e5043f484028968a040452828b9ca0787e89c4d77
                                                                                                                                                                • Instruction Fuzzy Hash: D2F0A778600208FFDB14EFE4EC49B6D7BB8FB84705F400158F805961D0DBB16A45CB50
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00A3A272: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00A38B5A,00000001,00000364,?,00A32AA0,?,?,?,?,?,00A27DDD,?), ref: 00A3A2B3
                                                                                                                                                                • _free.LIBCMT ref: 00A3B642
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap_free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 614378929-0
                                                                                                                                                                • Opcode ID: 2264b8dc440bd836ca5efdcdcc207cde03cd0b5dfc6e4b607fc2e260d0dd6cb0
                                                                                                                                                                • Instruction ID: 52815d1b4c3416413c6d5ac90af785e039661f956bd6a2ece502b8fbf7d84842
                                                                                                                                                                • Opcode Fuzzy Hash: 2264b8dc440bd836ca5efdcdcc207cde03cd0b5dfc6e4b607fc2e260d0dd6cb0
                                                                                                                                                                • Instruction Fuzzy Hash: C901D672210345ABE7218F6A988299AFBEAEB85370F25051DF685832C1EB30A9058774
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00A38B5A,00000001,00000364,?,00A32AA0,?,?,?,?,?,00A27DDD,?), ref: 00A3A2B3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A30610
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                • Opcode ID: 3a42aac5a2d12a8ab83537cbd8bbb3055c278c84b1edb3c8e39b6bb733e13a21
                                                                                                                                                                • Instruction ID: cc8e4820d5ed898ed792962252c9d6baf7838f5d547ecbc5cc827fdc90c4b2ae
                                                                                                                                                                • Opcode Fuzzy Hash: 3a42aac5a2d12a8ab83537cbd8bbb3055c278c84b1edb3c8e39b6bb733e13a21
                                                                                                                                                                • Instruction Fuzzy Hash: 12B012A526C0127E3144910CBE13D3F019CD0C0B21B30883AF800C0181D6904D050131
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                • Opcode ID: 89c469fe268ee10ece0cc47d70e22e8fd6a457607e560368dbffceb2f151e5ff
                                                                                                                                                                • Instruction ID: f021e384f3ad3cd3c8a4d8fc49de3d6fcd67de12fff0f05b895d26371947ea0b
                                                                                                                                                                • Opcode Fuzzy Hash: 89c469fe268ee10ece0cc47d70e22e8fd6a457607e560368dbffceb2f151e5ff
                                                                                                                                                                • Instruction Fuzzy Hash: AFB0129526D011BE3104910C7D13D3F011CD0C0B71730883AF800C0181D6804E040231
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                • Opcode ID: 07c2cfa7713b6bc3bc818914cbc06fd153534fffeacec59a00d3a17bc1e3a9be
                                                                                                                                                                • Instruction ID: 9b0c87522a5979434e23822d180b244309105e31788f75e43a76fb4caa9a85a9
                                                                                                                                                                • Opcode Fuzzy Hash: 07c2cfa7713b6bc3bc818914cbc06fd153534fffeacec59a00d3a17bc1e3a9be
                                                                                                                                                                • Instruction Fuzzy Hash: 18B0129566C1117E3254910C7D13E3F011CD1C0B21730493AF400C0181D6804E481231
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                • Opcode ID: 4e7e82fe69421a5dabc78fd2554a7eaa191e74de79c60ed4aa24deb7ac5bac54
                                                                                                                                                                • Instruction ID: b19e1382b91194d32f88604213c103977c1343ad61041876bd307620e66df31b
                                                                                                                                                                • Opcode Fuzzy Hash: 4e7e82fe69421a5dabc78fd2554a7eaa191e74de79c60ed4aa24deb7ac5bac54
                                                                                                                                                                • Instruction Fuzzy Hash: B3B0129527E0117E3504910C7D23E3F011CE4C0B61B30483AF400C0181D6804E040131
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                • Opcode ID: a52ecb8bebb926bad89a32507e512c1631b2d5da130a6ba18d890eb71109f1bc
                                                                                                                                                                • Instruction ID: 61fb7173138f4e21885f523f15396526a80be15a49c5a9959c65953ee7eafcbb
                                                                                                                                                                • Opcode Fuzzy Hash: a52ecb8bebb926bad89a32507e512c1631b2d5da130a6ba18d890eb71109f1bc
                                                                                                                                                                • Instruction Fuzzy Hash: 07B0129526E0117E3144910C7E13D3F011CD0C0BA1730883AF800C4181D6905E050131
                                                                                                                                                                APIs
                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A3062B
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00A27AF1
                                                                                                                                                                  • Part of subcall function 00A27AE6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A27B59
                                                                                                                                                                  • Part of subcall function 00A27AE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 00A27B6A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 697777088-0
                                                                                                                                                                • Opcode ID: 650d871d5d4731c51e6a114f581bbd952980f98298fed06dce63f2d645e26a70
                                                                                                                                                                • Instruction ID: 664a9ba564e9456b512ae7f56ebeeac91fb006ef006e6a81da47cf5f922ddce4
                                                                                                                                                                • Opcode Fuzzy Hash: 650d871d5d4731c51e6a114f581bbd952980f98298fed06dce63f2d645e26a70
                                                                                                                                                                • Instruction Fuzzy Hash: 58B012A526D2117E3244910C7D13D3F011CD0C0B61730497AF400C0181D6804E480231
                                                                                                                                                                APIs
                                                                                                                                                                • EnumResourceNamesW.KERNELBASE(00A20000,0000000A,00A22BA0,?,?,?,?,?), ref: 00A23FF2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnumNamesResource
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3334572018-0
                                                                                                                                                                • Opcode ID: 93bd1c31d4c303f800fc7ed9730ca133cbed3118f522e42656d0c14aea4b0278
                                                                                                                                                                • Instruction ID: f4ef26b25c9824ee207b048ea4f608c2207704dbecaa555fc300947a5390d071
                                                                                                                                                                • Opcode Fuzzy Hash: 93bd1c31d4c303f800fc7ed9730ca133cbed3118f522e42656d0c14aea4b0278
                                                                                                                                                                • Instruction Fuzzy Hash: AAB0923A288318BBDA001AD9FC0AF843B19BB8AB52F400820F60E6449186A2A5204696
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00A28DC0: lstrcatA.KERNEL32(?, (Prototype),?,6CF146CE,?), ref: 00A28E56
                                                                                                                                                                  • Part of subcall function 00A28DC0: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,6CF146CE,?), ref: 00A28E6D
                                                                                                                                                                  • Part of subcall function 00A28DC0: CryptReleaseContext.ADVAPI32(00000000,00000000,?,6CF146CE,?), ref: 00A28E85
                                                                                                                                                                • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,6CF146CE,?,?,00A28744,?,?,?,?,00A42269,000000FF), ref: 00A29088
                                                                                                                                                                • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00A42269,000000FF), ref: 00A290A4
                                                                                                                                                                • CryptHashData.ADVAPI32(?,?,6CF146CE,00000000,?,?,?,?,00A42269,000000FF), ref: 00A290BB
                                                                                                                                                                • CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,00A42269,000000FF), ref: 00A290E4
                                                                                                                                                                • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,00A42269,000000FF), ref: 00A29128
                                                                                                                                                                • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00A42269,000000FF), ref: 00A2913E
                                                                                                                                                                • CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,00A42269,000000FF), ref: 00A2914E
                                                                                                                                                                • GetLastError.KERNEL32(Unable to create hash context!,?,?,?,?,00A42269,000000FF), ref: 00A29177
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A2918F
                                                                                                                                                                • GetLastError.KERNEL32(Unable to update hash context!,?,00A4B144,00000000,?,?,?,?,00A42269,000000FF), ref: 00A29199
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A291B1
                                                                                                                                                                • GetLastError.KERNEL32(Unable to determine digest size!,?,00A4B144,00000000,?,?,?,?,00A42269,000000FF), ref: 00A291BB
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A291D3
                                                                                                                                                                • GetLastError.KERNEL32(Unable to retrieve digest!,?,00A4B144,00000000,?,?,?,?,00A42269,000000FF), ref: 00A291DD
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A291F5
                                                                                                                                                                Strings
                                                                                                                                                                • Unable to determine digest size!, xrefs: 00A291B6
                                                                                                                                                                • Unable to update hash context!, xrefs: 00A29194
                                                                                                                                                                • Unable to retrieve digest!, xrefs: 00A291D8
                                                                                                                                                                • Unable to create hash context!, xrefs: 00A29172
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                 • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Crypt$Hash$ErrorException@8LastThrow$Context$DestroyParamRelease$AcquireCreateDatalstrcat
                                                                                                                                                                • String ID: Unable to create hash context!$Unable to determine digest size!$Unable to retrieve digest!$Unable to update hash context!
                                                                                                                                                                • API String ID: 827938544-872507617
                                                                                                                                                                • Opcode ID: f461350add2c84c4b72b7460ad81bed0c5c4b55626965698c060dbe3b51eface
                                                                                                                                                                • Instruction ID: 42ad89625f05a40a93f9354b2ddd784e143f2aa3fe87f3c20721a5468a2d1ab0
                                                                                                                                                                • Opcode Fuzzy Hash: f461350add2c84c4b72b7460ad81bed0c5c4b55626965698c060dbe3b51eface
                                                                                                                                                                • Instruction Fuzzy Hash: 3A515C79A4021AABDF14DFE8DC49FEEBBB8BF49704F104625F511B2190DB74AA04CB60
                                                                                                                                                                APIs
                                                                                                                                                                • CryptGetHashParam.ADVAPI32(?,00000004,0000800C,00A28744,00000000,6CF146CE,?,?,?,00000000), ref: 00A29395
                                                                                                                                                                • CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 00A293DC
                                                                                                                                                                • GetLastError.KERNEL32(Unable to determine digest size!), ref: 00A2940A
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A29422
                                                                                                                                                                • GetLastError.KERNEL32(Unable to retrieve digest!,?,00A4B144,00000000), ref: 00A2942C
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A29444
                                                                                                                                                                Strings
                                                                                                                                                                • Unable to determine digest size!, xrefs: 00A29405
                                                                                                                                                                • Unable to retrieve digest!, xrefs: 00A29427
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                 • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CryptErrorException@8HashLastParamThrow
                                                                                                                                                                • String ID: Unable to determine digest size!$Unable to retrieve digest!
                                                                                                                                                                • API String ID: 2498184597-199986585
                                                                                                                                                                • Opcode ID: c0566b86a81b0673567206c89b659e3de6e14b89baf7bcef6a16f2abce0f9951
                                                                                                                                                                • Instruction ID: 973fb58d4671847cf2fb19c35ba0a7ff3641a1f6208894442de1def93d4504dd
                                                                                                                                                                • Opcode Fuzzy Hash: c0566b86a81b0673567206c89b659e3de6e14b89baf7bcef6a16f2abce0f9951
                                                                                                                                                                • Instruction Fuzzy Hash: C5316DB5940219ABDB10DF94DD45FEEBBB8FF49704F10462AF501A2280DB75AA04CBA4
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                 • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __floor_pentium4
                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                • API String ID: 4168288129-2761157908
                                                                                                                                                                • Opcode ID: 6819d29ce940e1718c6db08c8de2b55948d03f7c7549c8dce700c0e6a22750ab
                                                                                                                                                                • Instruction ID: 369ef78deed433046fc55e16aa83a9e960f7c1662f729b03bd21d5288e0bf16f
                                                                                                                                                                • Opcode Fuzzy Hash: 6819d29ce940e1718c6db08c8de2b55948d03f7c7549c8dce700c0e6a22750ab
                                                                                                                                                                • Instruction Fuzzy Hash: 1FC22A71E086288FDB25CF28ED407EAB7B5EB85305F1541EAE44EE7240E775AE858F40
                                                                                                                                                                APIs
                                                                                                                                                                • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 00A294E2
                                                                                                                                                                • GetLastError.KERNEL32(Unable to update hash context!), ref: 00A294F7
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A2950F
                                                                                                                                                                Strings
                                                                                                                                                                • Unable to update hash context!, xrefs: 00A294F2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                 • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CryptDataErrorException@8HashLastThrow
                                                                                                                                                                • String ID: Unable to update hash context!
                                                                                                                                                                • API String ID: 913647941-2364437153
                                                                                                                                                                • Opcode ID: 0fcd5d0d94f79dd56ad363b72760786aaecc449bba773df363dc4be3794f000d
                                                                                                                                                                • Instruction ID: f791fccb583e454571db84bebb4e5d0b6f83398497969c35a3df634a4a8afebf
                                                                                                                                                                • Opcode Fuzzy Hash: 0fcd5d0d94f79dd56ad363b72760786aaecc449bba773df363dc4be3794f000d
                                                                                                                                                                • Instruction Fuzzy Hash: 72E0DF362402197BCB10FFECDC06FAE7B2CBB45B00F104664BA10A1091EB32EA14CBA4
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 00A2F034
                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 00A2F03B
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 00A2F058
                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 00A2F05F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                 • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3859560861-0
                                                                                                                                                                • Opcode ID: 7bc823644b43bbf3522f71d3fb0d2dc606fcd7fb4b0d03307659696dfefb55cf
                                                                                                                                                                • Instruction ID: ac22ff57f6c0af2c00907fc46add88eff4b8a21d23b1ce2b6c0ad24b5b1822a8
                                                                                                                                                                • Opcode Fuzzy Hash: 7bc823644b43bbf3522f71d3fb0d2dc606fcd7fb4b0d03307659696dfefb55cf
                                                                                                                                                                • Instruction Fuzzy Hash: 09714072D002295BDF11DBE8ED85AEFB7BCAB48314F454139ED10E7201E775AD468BA0
                                                                                                                                                                APIs
                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00A3456E
                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00A34578
                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00A34585
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                 • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                 • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                • Opcode ID: f55d54bda2e616463bc4bc62b63aada47bcf0f4ccfcd936beb44ab2426006f78
                                                                                                                                                                • Instruction ID: 821e394622f18dd69911ba59bab61783482655758d8ea3e2c5e794e7f05191c3
                                                                                                                                                                • Opcode Fuzzy Hash: f55d54bda2e616463bc4bc62b63aada47bcf0f4ccfcd936beb44ab2426006f78
                                                                                                                                                                • Instruction Fuzzy Hash: 4731C275901228ABCB21DF68D989BDDBBB8BF48310F5041EAF81CA7250E7709F858F54
                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,?,00A37C30,00000000,00A4BA28,0000000C,00A37D87,00000000,00000002,00000000), ref: 00A37C7B
                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,00A37C30,00000000,00A4BA28,0000000C,00A37D87,00000000,00000002,00000000), ref: 00A37C82
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00A37C94
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                APIs
                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A41267,?,?,00000008,?,?,00A40F07,00000000), ref: 00A41499
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                APIs
                                                                                                                                                                • CryptDestroyHash.ADVAPI32(?,6CF146CE,?,?,00A420F0,000000FF), ref: 00A28296
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CryptDestroyHash
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 174375392-0
                                                                                                                                                                APIs
                                                                                                                                                                • CryptReleaseContext.ADVAPI32(00000000,00000000,?,00A283E7,00000000,?,?,?,00000000,00000004,?,00A28744,0000800C,6CF146CE,?), ref: 00A28EF8
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ContextCryptRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 829835001-0
                                                                                                                                                                APIs
                                                                                                                                                                • CryptReleaseContext.ADVAPI32(053B7DE0,00000000), ref: 00A4266C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ContextCryptRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 829835001-0
                                                                                                                                                                APIs
                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000112A0,00A30755), ref: 00A31297
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                APIs
                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00A21362
                                                                                                                                                                • PostQuitMessage.USER32(00000002), ref: 00A2136A
                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00A21386
                                                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 00A2138E
                                                                                                                                                                • DestroyWindow.USER32 ref: 00A213AF
                                                                                                                                                                • DestroyWindow.USER32 ref: 00A213BB
                                                                                                                                                                • DestroyWindow.USER32 ref: 00A213C7
                                                                                                                                                                • DestroyWindow.USER32 ref: 00A213D3
                                                                                                                                                                • DestroyWindow.USER32 ref: 00A213DF
                                                                                                                                                                • DestroyWindow.USER32 ref: 00A213EB
                                                                                                                                                                • DeleteObject.GDI32 ref: 00A213F7
                                                                                                                                                                • DeleteObject.GDI32 ref: 00A21403
                                                                                                                                                                • DeleteObject.GDI32 ref: 00A2140F
                                                                                                                                                                • DestroyIcon.USER32 ref: 00A2141B
                                                                                                                                                                • SystemParametersInfoW.USER32(00000029,000001F4,000001F4,00000000), ref: 00A21460
                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00A2146A
                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00A21491
                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00A214B8
                                                                                                                                                                • LoadImageW.USER32(00000064,00000001,00000030,00000030,00000000), ref: 00A21669
                                                                                                                                                                • CreateWindowExW.USER32(00000000,STATIC,00000000,50000003,00000010,00000010,00000030,00000030,?,00000000,00000000), ref: 00A21695
                                                                                                                                                                • SendMessageW.USER32(00000000,00000172,00000001), ref: 00A216AE
                                                                                                                                                                • CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000050,?,?,?,?,00000000,00000000), ref: 00A216ED
                                                                                                                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00A21703
                                                                                                                                                                • CreateWindowExW.USER32(00000000,STATIC,?,50000000,?,?,?,?,?,00000000,00000000), ref: 00A21746
                                                                                                                                                                • CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000010,?,?,?,?,00000000,00000000), ref: 00A21787
                                                                                                                                                                • SendMessageW.USER32(00000030,00000000), ref: 00A217A2
                                                                                                                                                                • SendMessageW.USER32(00000030,00000000), ref: 00A217B8
                                                                                                                                                                  • Part of subcall function 00A23B30: LoadStringW.USER32(00A20000,00000000,00A240A0,00000000), ref: 00A23B55
                                                                                                                                                                • CreateWindowExW.USER32(00000000,BUTTON,00000000,50010001,00000010,?,?,?,?,00000000,00000000), ref: 00A21810
                                                                                                                                                                • CreateWindowExW.USER32(00000000,BUTTON,00000000,50010000,?,?,?,?,?,00000000,00000000), ref: 00A21851
                                                                                                                                                                • SendMessageW.USER32(00000030,00000000), ref: 00A2186C
                                                                                                                                                                • SendMessageW.USER32(00000030,00000000), ref: 00A21882
                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00A21898
                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00A218EB
                                                                                                                                                                • SetFocus.USER32 ref: 00A218F7
                                                                                                                                                                • DefWindowProcW.USER32(?,?,?,?), ref: 00A2190C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$CreateDestroy$Message$Send$DeleteFontIndirectObject$InfoLoadParametersPostQuitSystem$FocusIconImageProcString
                                                                                                                                                                • String ID: BUTTON$STATIC
                                                                                                                                                                • API String ID: 2791220612-3385952364
                                                                                                                                                                APIs
                                                                                                                                                                • #17.COMCTL32(6CF146CE), ref: 00A21C33
                                                                                                                                                                • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000040), ref: 00A21C6A
                                                                                                                                                                • LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00A21C85
                                                                                                                                                                  • Part of subcall function 00A23B30: LoadStringW.USER32(00A20000,00000000,00A240A0,00000000), ref: 00A23B55
                                                                                                                                                                • GetSystemMetrics.USER32(00000032), ref: 00A21CAE
                                                                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 00A21CB8
                                                                                                                                                                • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00A21CC7
                                                                                                                                                                • RegisterClassExW.USER32(?), ref: 00A21CE3
                                                                                                                                                                • CreateWindowExW.USER32(00000000,?,00000000,90880000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00A21D05
                                                                                                                                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A21D1B
                                                                                                                                                                • IsDialogMessageW.USER32(00000000,?), ref: 00A21D2F
                                                                                                                                                                • TranslateMessage.USER32(?), ref: 00A21D3D
                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 00A21D47
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LoadMessage$Image$MetricsSystem$ClassCreateDialogDispatchRegisterStringTranslateWindow
                                                                                                                                                                • String ID: 0
                                                                                                                                                                • API String ID: 2026041735-4108050209
                                                                                                                                                                APIs
                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 00A3BBEB
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B87B
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B88D
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B89F
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B8B1
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B8C3
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B8D5
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B8E7
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B8F9
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B90B
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B91D
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B92F
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B941
                                                                                                                                                                  • Part of subcall function 00A3B85E: _free.LIBCMT ref: 00A3B953
                                                                                                                                                                • _free.LIBCMT ref: 00A3BBE0
                                                                                                                                                                  • Part of subcall function 00A38DE9: HeapFree.KERNEL32(00000000,00000000,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?), ref: 00A38DFF
                                                                                                                                                                  • Part of subcall function 00A38DE9: GetLastError.KERNEL32(?,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?,?), ref: 00A38E11
                                                                                                                                                                • _free.LIBCMT ref: 00A3BC02
                                                                                                                                                                • _free.LIBCMT ref: 00A3BC17
                                                                                                                                                                • _free.LIBCMT ref: 00A3BC22
                                                                                                                                                                • _free.LIBCMT ref: 00A3BC44
                                                                                                                                                                • _free.LIBCMT ref: 00A3BC57
                                                                                                                                                                • _free.LIBCMT ref: 00A3BC65
                                                                                                                                                                • _free.LIBCMT ref: 00A3BC70
                                                                                                                                                                • _free.LIBCMT ref: 00A3BCA8
                                                                                                                                                                • _free.LIBCMT ref: 00A3BCAF
                                                                                                                                                                • _free.LIBCMT ref: 00A3BCCC
                                                                                                                                                                • _free.LIBCMT ref: 00A3BCE4
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 161543041-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00A28080: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 00A2809B
                                                                                                                                                                  • Part of subcall function 00A28080: GetProcAddress.KERNEL32(00000000), ref: 00A280A2
                                                                                                                                                                • InterlockedExchange.KERNEL32(?,000000C1), ref: 00A25593
                                                                                                                                                                • InterlockedExchange.KERNEL32(?,00000000), ref: 00A255A2
                                                                                                                                                                • CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 00A255D9
                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A255E9
                                                                                                                                                                • InterlockedExchange.KERNEL32(?,00000420), ref: 00A25602
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A275E3
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A275F4
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A27605
                                                                                                                                                                • _wcsrchr.LIBVCRUNTIME ref: 00A276A1
                                                                                                                                                                • _wcsrchr.LIBVCRUNTIME ref: 00A276B3
                                                                                                                                                                • CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 00A276EF
                                                                                                                                                                • CopyFileW.KERNEL32(00000000,?,00000000), ref: 00A27707
                                                                                                                                                                • ReleaseMutex.KERNEL32(?), ref: 00A27718
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A2771F
                                                                                                                                                                  • Part of subcall function 00A23B70: #17.COMCTL32 ref: 00A23B84
                                                                                                                                                                  • Part of subcall function 00A23B70: LoadStringW.USER32(00A20000,000003E9,?,00000000), ref: 00A23BA1
                                                                                                                                                                  • Part of subcall function 00A23B70: LoadStringW.USER32(00A20000,?,?,00000000), ref: 00A23BBA
                                                                                                                                                                  • Part of subcall function 00A23B70: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00A23BCF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Handle$Close$ExchangeInterlocked$CreateLoadMutexString_wcsrchr$AddressCopyErrorFileHardLastLinkMessageModuleProcRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3636221856-0
                                                                                                                                                                • Opcode ID: 09e9867ab088d6f5a017e478a7c23ab2df0a0883e6f92bff1d252d3b4b7a95cf
                                                                                                                                                                • Instruction ID: 00bee7b35c829d54f003f37b76ddacb42a114e63f7910002707e862130350cb6
                                                                                                                                                                • Opcode Fuzzy Hash: 09e9867ab088d6f5a017e478a7c23ab2df0a0883e6f92bff1d252d3b4b7a95cf
                                                                                                                                                                • Instruction Fuzzy Hash: 54518A75A042289BDF20EB68ED46FADB778AF09301F0001F5F409A3591EB719F858F61
                                                                                                                                                                APIs
                                                                                                                                                                • CreateSolidBrush.GDI32(00824049), ref: 00A22021
                                                                                                                                                                • CreateSolidBrush.GDI32(00362620), ref: 00A22042
                                                                                                                                                                • CreateSolidBrush.GDI32(00DBDBDA), ref: 00A22054
                                                                                                                                                                • CreateSolidBrush.GDI32(00F67000), ref: 00A22064
                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00A22074
                                                                                                                                                                • FillRect.USER32(?,?), ref: 00A220E3
                                                                                                                                                                • FillRect.USER32(?,?), ref: 00A2210D
                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00A22118
                                                                                                                                                                • CreateSolidBrush.GDI32(003F382C), ref: 00A2214E
                                                                                                                                                                • CreateSolidBrush.GDI32(00FF9640), ref: 00A2218A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: BrushCreateSolid$FillPaintRect$Begin
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2220257389-0
                                                                                                                                                                • Opcode ID: 2be896035daff781dd77fe1b6db4073b01dd0e3b2232f7745ff32df310caf418
                                                                                                                                                                • Instruction ID: a0f662cef0ea36ee303230a9659e6ebf679d870745183a0e6bbeabcd012937e7
                                                                                                                                                                • Opcode Fuzzy Hash: 2be896035daff781dd77fe1b6db4073b01dd0e3b2232f7745ff32df310caf418
                                                                                                                                                                • Instruction Fuzzy Hash: 1151C77DA01214EFDB10CFF8E9859A9B7B4FB8A300B104626F906D7292DB31AD45CB51
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 00A389C5
                                                                                                                                                                  • Part of subcall function 00A38DE9: HeapFree.KERNEL32(00000000,00000000,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?), ref: 00A38DFF
                                                                                                                                                                  • Part of subcall function 00A38DE9: GetLastError.KERNEL32(?,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?,?), ref: 00A38E11
                                                                                                                                                                • _free.LIBCMT ref: 00A389D1
                                                                                                                                                                • _free.LIBCMT ref: 00A389DC
                                                                                                                                                                • _free.LIBCMT ref: 00A389E7
                                                                                                                                                                • _free.LIBCMT ref: 00A389F2
                                                                                                                                                                • _free.LIBCMT ref: 00A389FD
                                                                                                                                                                • _free.LIBCMT ref: 00A38A08
                                                                                                                                                                • _free.LIBCMT ref: 00A38A13
                                                                                                                                                                • _free.LIBCMT ref: 00A38A1E
                                                                                                                                                                • _free.LIBCMT ref: 00A38A2C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                • Opcode ID: 5afcd8f66796b7fd18c9f32aa764f622e415fe82ae6205ed9e0a477615fb7cef
                                                                                                                                                                • Instruction ID: 605acb6233bb361f9f369369c99867a78faccef45cfa0c5f5bcc7b154748608c
                                                                                                                                                                • Opcode Fuzzy Hash: 5afcd8f66796b7fd18c9f32aa764f622e415fe82ae6205ed9e0a477615fb7cef
                                                                                                                                                                • Instruction Fuzzy Hash: 4411A47A502208FFCB01EF95DE42CD93FA5EF14390F4140A6BA498B262DA35EA50DB80
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 00A2809B
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00A280A2
                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?), ref: 00A280D1
                                                                                                                                                                Strings
                                                                                                                                                                • kernel32, xrefs: 00A28096
                                                                                                                                                                • IsWow64Process2, xrefs: 00A28091
                                                                                                                                                                • Unable to determine native architecture of the system!, xrefs: 00A28101
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                • String ID: IsWow64Process2$Unable to determine native architecture of the system!$kernel32
                                                                                                                                                                • API String ID: 4190356694-2412497375
                                                                                                                                                                • Opcode ID: 24adc790495c96717fbfba27f4ab4202ee8a56e6106037a81696028bf5220783
                                                                                                                                                                • Instruction ID: 5d323ed0d70b635865a166701227058c144c4cc77ccc727728a31d001f3affe4
                                                                                                                                                                • Opcode Fuzzy Hash: 24adc790495c96717fbfba27f4ab4202ee8a56e6106037a81696028bf5220783
                                                                                                                                                                • Instruction Fuzzy Hash: B911C83AE00218BB8F14EFF8ED059DE7778EF49700B1042A6F815D7150DF359A458B91
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcessHeap.KERNEL32 ref: 00A21115
                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,00000000,?), ref: 00A2111F
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000100), ref: 00A21157
                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00A2115E
                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000060), ref: 00A2116D
                                                                                                                                                                • lstrcpyW.KERNEL32(?,\b86362a5.exe), ref: 00A21187
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Heap$AllocProcess$DirectorySystemlstrcpy
                                                                                                                                                                • String ID: \b86362a5.exe
                                                                                                                                                                • API String ID: 2190664303-3123522761
                                                                                                                                                                • Opcode ID: c23c7d4a93afb116efcf931a15b771767edcdf2b4fb82f573e7f7dff107f96d9
                                                                                                                                                                • Instruction ID: cbc4e78108f7a282fd60fb5a19c85caf0f3e6a3473b7a5b723402a1db7ebc946
                                                                                                                                                                • Opcode Fuzzy Hash: c23c7d4a93afb116efcf931a15b771767edcdf2b4fb82f573e7f7dff107f96d9
                                                                                                                                                                • Instruction Fuzzy Hash: 5C112B7E900312BBD714DFE9EC45A56BBA8FF99710F040229F90587650D771E820C7E4
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,00A390FB,00000001,00000001,8B000053), ref: 00A38F04
                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00A38F3C
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A390FB,00000001,00000001,8B000053,6CF146CE,?,?), ref: 00A38F8A
                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00A39021
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,6CF146CE,8B000053,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A39084
                                                                                                                                                                • __freea.LIBCMT ref: 00A39091
                                                                                                                                                                  • Part of subcall function 00A38E23: HeapAlloc.KERNEL32(00000000,?,?,?,00A32AA0,?,?,?,?,?,00A27DDD,?,?), ref: 00A38E55
                                                                                                                                                                • __freea.LIBCMT ref: 00A3909A
                                                                                                                                                                • __freea.LIBCMT ref: 00A390BF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2597970681-0
                                                                                                                                                                • Opcode ID: 3682ac623792e6415573b2f9cae06abbda557d005d6f5398810a9296293b0ff6
                                                                                                                                                                • Instruction ID: 3dcbdc50a699c2993dfdada91cce4615f7ea2358134edf4af02b63f0e5e77ca8
                                                                                                                                                                • Opcode Fuzzy Hash: 3682ac623792e6415573b2f9cae06abbda557d005d6f5398810a9296293b0ff6
                                                                                                                                                                • Instruction Fuzzy Hash: D751F372610206AFEB299F74CD41EBB77AAEF85750F144628FC05D7150DBB5DC41C6A0
                                                                                                                                                                APIs
                                                                                                                                                                • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00A3F652,00000000,00000000,00000000,00000000,00000000,00A367BA), ref: 00A3EF1F
                                                                                                                                                                • __fassign.LIBCMT ref: 00A3EF9A
                                                                                                                                                                • __fassign.LIBCMT ref: 00A3EFB5
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00A3EFDB
                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,00000000,00A3F652,00000000,?,?,?,?,?,?,?,?,?,00A3F652,00000000), ref: 00A3EFFA
                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,00000001,00A3F652,00000000,?,?,?,?,?,?,?,?,?,00A3F652,00000000), ref: 00A3F033
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1324828854-0
                                                                                                                                                                • Opcode ID: bb9dbf872a162a1c357d598d208c3df3009b2b74f0e6fb5e3b06d81f70103891
                                                                                                                                                                • Instruction ID: 7eb27700fd46706990d4883c2387ab19975b9d2a504494122d9f93fe92f4ec05
                                                                                                                                                                • Opcode Fuzzy Hash: bb9dbf872a162a1c357d598d208c3df3009b2b74f0e6fb5e3b06d81f70103891
                                                                                                                                                                • Instruction Fuzzy Hash: 1B51CF75E00249AFCB14CFA8D881AEEBBF4EF4A300F14416AF951E7291E7709945CB60
                                                                                                                                                                APIs
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00A31DAB
                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00A31DB3
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00A31E41
                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00A31E6C
                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 00A31EC1
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                                                • Opcode ID: df9a86c1508584926febd4c3dc5ba8f21f9b2957b45b32ef1e2a4edb91856674
                                                                                                                                                                • Instruction ID: 5ec5f438496da58cad99be3da361a95af2138517ee382e6c03832ae0ac28d55e
                                                                                                                                                                • Opcode Fuzzy Hash: df9a86c1508584926febd4c3dc5ba8f21f9b2957b45b32ef1e2a4edb91856674
                                                                                                                                                                • Instruction Fuzzy Hash: 1141C538A00208ABCF10DF68D885AEEBBB5BF45354F248155FC15AB392D776DE15CB90
                                                                                                                                                                APIs
                                                                                                                                                                • ___from_strstr_to_strchr.LIBCMT ref: 00A2D90A
                                                                                                                                                                  • Part of subcall function 00A27DA0: ___std_exception_copy.LIBVCRUNTIME ref: 00A27DD8
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A2D997
                                                                                                                                                                  • Part of subcall function 00A3203A: RaiseException.KERNEL32(?,?,00A28071,?,?,?,?,?,?,?,?,00A28071,?,00A4B144,00000000), ref: 00A3209A
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A2D9B2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Exception@8Throw$ExceptionRaise___from_strstr_to_strchr___std_exception_copy
                                                                                                                                                                • String ID: 0123456789ABCDEF$Unable to convert invalid hexadecimal character!$Unable to convert invalid hexadecimal string!
                                                                                                                                                                • API String ID: 2723989866-230084144
                                                                                                                                                                • Opcode ID: d749cdb9152f779ce0945427dffd021b151494620dc325d5939bed6dc786b0e9
                                                                                                                                                                • Instruction ID: f919f9b9c2987984653c36414ad654950031d06c5b6893152a09e641fc7c1067
                                                                                                                                                                • Opcode Fuzzy Hash: d749cdb9152f779ce0945427dffd021b151494620dc325d5939bed6dc786b0e9
                                                                                                                                                                • Instruction Fuzzy Hash: D441E4B4A04A15AFCB10CFACC551BAEBBF4FF44710F204569F455AB682D774EA44CBA0
                                                                                                                                                                APIs
                                                                                                                                                                • FindResourceW.KERNEL32(00A20000,EDAT_ECOO,0000000A), ref: 00A23294
                                                                                                                                                                • LoadResource.KERNEL32(00A20000,00000000), ref: 00A232AB
                                                                                                                                                                • SizeofResource.KERNEL32(00A20000,00000000), ref: 00A232B9
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Resource$FindLoadSizeof
                                                                                                                                                                • String ID: $@$EDAT_ECOO
                                                                                                                                                                • API String ID: 507330600-2393187713
                                                                                                                                                                • Opcode ID: b356f7bc0eee3f8029b4b291a568d43dc4784c371a0c162fa147494072a79144
                                                                                                                                                                • Instruction ID: db30718912e4c4916c14fc6b488efa477c3759c3221f703df6eaa2f28646a26b
                                                                                                                                                                • Opcode Fuzzy Hash: b356f7bc0eee3f8029b4b291a568d43dc4784c371a0c162fa147494072a79144
                                                                                                                                                                • Instruction Fuzzy Hash: 9631E633A14B6297DF20CFBDA9C5569B3A1BF973447154B3EE4469B502EF70AB848340
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00A3B9C5: _free.LIBCMT ref: 00A3B9EE
                                                                                                                                                                • _free.LIBCMT ref: 00A3BA4F
                                                                                                                                                                  • Part of subcall function 00A38DE9: HeapFree.KERNEL32(00000000,00000000,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?), ref: 00A38DFF
                                                                                                                                                                  • Part of subcall function 00A38DE9: GetLastError.KERNEL32(?,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?,?), ref: 00A38E11
                                                                                                                                                                • _free.LIBCMT ref: 00A3BA5A
                                                                                                                                                                • _free.LIBCMT ref: 00A3BA65
                                                                                                                                                                • _free.LIBCMT ref: 00A3BAB9
                                                                                                                                                                • _free.LIBCMT ref: 00A3BAC4
                                                                                                                                                                • _free.LIBCMT ref: 00A3BACF
                                                                                                                                                                • _free.LIBCMT ref: 00A3BADA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(?,?,00A32FF1,00A32215), ref: 00A33008
                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A33016
                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A3302F
                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,00A32FF1,00A32215), ref: 00A33081
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(?,?,00A34E11,?,?,?,00A352E9,6CF146CE,00000000,?,00A2D904,0123456789ABCDEF,6CF146CE,?,?,00000000), ref: 00A38AA9
                                                                                                                                                                • _free.LIBCMT ref: 00A38ADC
                                                                                                                                                                • _free.LIBCMT ref: 00A38B04
                                                                                                                                                                • SetLastError.KERNEL32(00000000,00A352E9,6CF146CE,00000000,?,00A2D904,0123456789ABCDEF,6CF146CE,?,?,00000000,00A28722), ref: 00A38B11
                                                                                                                                                                • SetLastError.KERNEL32(00000000,00A352E9,6CF146CE,00000000,?,00A2D904,0123456789ABCDEF,6CF146CE,?,?,00000000,00A28722), ref: 00A38B1D
                                                                                                                                                                • _abort.LIBCMT ref: 00A38B23
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$_free$_abort
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3160817290-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(Unable to decode base64 string!), ref: 00A28FD7
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A28FEF
                                                                                                                                                                • GetLastError.KERNEL32(Unable to decode base64 string!,?,00A4B144,00000000), ref: 00A28FF9
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A29011
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorException@8LastThrow
                                                                                                                                                                • String ID: Unable to decode base64 string!
                                                                                                                                                                • API String ID: 1006195485-979745446
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00A23BF5
                                                                                                                                                                  • Part of subcall function 00A3059D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A305A9
                                                                                                                                                                  • Part of subcall function 00A3059D: __CxxThrowException@8.LIBVCRUNTIME ref: 00A305B7
                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 00A23C05
                                                                                                                                                                  • Part of subcall function 00A305BD: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A305C9
                                                                                                                                                                  • Part of subcall function 00A305BD: __CxxThrowException@8.LIBVCRUNTIME ref: 00A305D7
                                                                                                                                                                  • Part of subcall function 00A305BD: ___delayLoadHelper2@8.DELAYIMP ref: 00A305EF
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument$Helper2@8Load___delay
                                                                                                                                                                • String ID: invalid string_view position$string too long$vector<T> too long
                                                                                                                                                                • API String ID: 1134749845-2832074639
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A37C90,00000000,?,00A37C30,00000000,00A4BA28,0000000C,00A37D87,00000000,00000002), ref: 00A37CFF
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A37D12
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00A37C90,00000000,?,00A37C30,00000000,00A4BA28,0000000C,00A37D87,00000000,00000002), ref: 00A37D35
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(6CF146CE,00000000,8B000053,00A2D904,00000000,00000000,?,?,?,6CF146CE,00000001,00A2D904,8B000053,00000001,?,?), ref: 00A3A0CA
                                                                                                                                                                • __alloca_probe_16.LIBCMT ref: 00A3A102
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A3A153
                                                                                                                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00A3A165
                                                                                                                                                                • __freea.LIBCMT ref: 00A3A16E
                                                                                                                                                                  • Part of subcall function 00A38E23: HeapAlloc.KERNEL32(00000000,?,?,?,00A32AA0,?,?,?,?,?,00A27DDD,?,?), ref: 00A38E55
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1857427562-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00A35183,00A38E66,?,?,00A32AA0,?,?,?,?,?,00A27DDD,?,?), ref: 00A38B2E
                                                                                                                                                                • _free.LIBCMT ref: 00A38B63
                                                                                                                                                                • _free.LIBCMT ref: 00A38B8A
                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?), ref: 00A38B97
                                                                                                                                                                • SetLastError.KERNEL32(00000000,?,?), ref: 00A38BA0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$_free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3170660625-0
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 00A3B974
                                                                                                                                                                  • Part of subcall function 00A38DE9: HeapFree.KERNEL32(00000000,00000000,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?), ref: 00A38DFF
                                                                                                                                                                  • Part of subcall function 00A38DE9: GetLastError.KERNEL32(?,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?,?), ref: 00A38E11
                                                                                                                                                                • _free.LIBCMT ref: 00A3B986
                                                                                                                                                                • _free.LIBCMT ref: 00A3B998
                                                                                                                                                                • _free.LIBCMT ref: 00A3B9AA
                                                                                                                                                                • _free.LIBCMT ref: 00A3B9BC
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 00A3846E
                                                                                                                                                                  • Part of subcall function 00A38DE9: HeapFree.KERNEL32(00000000,00000000,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?), ref: 00A38DFF
                                                                                                                                                                  • Part of subcall function 00A38DE9: GetLastError.KERNEL32(?,?,00A3B9F3,?,00000000,?,00000000,?,00A3BA1A,?,00000007,?,?,00A3BD3F,?,?), ref: 00A38E11
                                                                                                                                                                • _free.LIBCMT ref: 00A38480
                                                                                                                                                                • _free.LIBCMT ref: 00A38493
                                                                                                                                                                • _free.LIBCMT ref: 00A384A4
                                                                                                                                                                • _free.LIBCMT ref: 00A384B5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe,00000104), ref: 00A37549
                                                                                                                                                                • _free.LIBCMT ref: 00A37614
                                                                                                                                                                • _free.LIBCMT ref: 00A3761E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$FileModuleName
                                                                                                                                                                • String ID: C:\Users\user\Desktop\avast_free_antivirus_setup_online.exe
                                                                                                                                                                • API String ID: 2506810119-1825467595
                                                                                                                                                                APIs
                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 00A28004
                                                                                                                                                                • GetLastError.KERNEL32(Unable to determine the operating system version!), ref: 00A2804E
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A2806C
                                                                                                                                                                Strings
                                                                                                                                                                • Unable to determine the operating system version!, xrefs: 00A28049
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorException@8LastThrowVersion
                                                                                                                                                                • String ID: Unable to determine the operating system version!
                                                                                                                                                                • API String ID: 2663129220-661432720
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __alldvrm$_strrchr
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1036877536-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetDC.USER32(?), ref: 00A21206
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00A21214
                                                                                                                                                                • GetTextExtentPoint32W.GDI32(?,00000000,-00000002,?), ref: 00A2128F
                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 00A212D5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExtentObjectPoint32ReleaseSelectText
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4006923989-0
                                                                                                                                                                APIs
                                                                                                                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00A332CC
                                                                                                                                                                  • Part of subcall function 00A33219: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00A33248
                                                                                                                                                                  • Part of subcall function 00A33219: ___AdjustPointer.LIBCMT ref: 00A33263
                                                                                                                                                                • _UnwindNestedFrames.LIBCMT ref: 00A332E1
                                                                                                                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00A332F2
                                                                                                                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00A3331A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 737400349-0
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00A3B17B,?,00000000,00000000,00000000,?,00A3B378,00000006,FlsSetValue), ref: 00A3B206
                                                                                                                                                                • GetLastError.KERNEL32(?,00A3B17B,?,00000000,00000000,00000000,?,00A3B378,00000006,FlsSetValue,00A46E08,FlsSetValue,00000000,00000364,?,00A38B77), ref: 00A3B212
                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A3B17B,?,00000000,00000000,00000000,?,00A3B378,00000006,FlsSetValue,00A46E08,FlsSetValue,00000000), ref: 00A3B220
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3177248105-0
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(00A4EA40,?,?,00A2219F,00A4E97C), ref: 00A30A8A
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00A4EA40,?,?,00A2219F,00A4E97C), ref: 00A30ABD
                                                                                                                                                                • SetEvent.KERNEL32(00000000,00A2219F,00A4E97C), ref: 00A30B4B
                                                                                                                                                                • ResetEvent.KERNEL32 ref: 00A30B57
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalEventSection$EnterLeaveReset
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3553466030-0
                                                                                                                                                                APIs
                                                                                                                                                                • #17.COMCTL32 ref: 00A23B84
                                                                                                                                                                • LoadStringW.USER32(00A20000,000003E9,?,00000000), ref: 00A23BA1
                                                                                                                                                                • LoadStringW.USER32(00A20000,?,?,00000000), ref: 00A23BBA
                                                                                                                                                                • MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00A23BCF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LoadString$Message
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2278601591-0
                                                                                                                                                                APIs
                                                                                                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00A28C7A
                                                                                                                                                                  • Part of subcall function 00A2FC70: GetProcessHeap.KERNEL32(00000000,?,?,?,?,00000000), ref: 00A2FCB3
                                                                                                                                                                  • Part of subcall function 00A2FC70: HeapFree.KERNEL32(00000000), ref: 00A2FCBA
                                                                                                                                                                  • Part of subcall function 00A2ED90: GetProcessHeap.KERNEL32(00000000,8B55CCCC,00A282E6,?,00A28A31,?,?,?), ref: 00A2EDB7
                                                                                                                                                                  • Part of subcall function 00A2ED90: HeapFree.KERNEL32(00000000,?,?), ref: 00A2EDBE
                                                                                                                                                                  • Part of subcall function 00A2FAC0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 00A2FC26
                                                                                                                                                                  • Part of subcall function 00A2FAC0: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 00A2FC2D
                                                                                                                                                                  • Part of subcall function 00A2FAC0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 00A2FC4D
                                                                                                                                                                  • Part of subcall function 00A2FAC0: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 00A2FC54
                                                                                                                                                                  • Part of subcall function 00A2E450: GetProcessHeap.KERNEL32(00000000,00000001), ref: 00A2EC60
                                                                                                                                                                  • Part of subcall function 00A2E450: HeapFree.KERNEL32(00000000), ref: 00A2EC67
                                                                                                                                                                Strings
                                                                                                                                                                • Unable to read digest or signature!, xrefs: 00A28C47
                                                                                                                                                                • Unable to initialize DSA parameters!, xrefs: 00A28C50
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Heap$FreeProcess$Exception@8Throw
                                                                                                                                                                • String ID: Unable to initialize DSA parameters!$Unable to read digest or signature!
                                                                                                                                                                • API String ID: 786774151-2226104879
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00A3176C: GetLastError.KERNEL32 ref: 00A3177E
                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00A2100A), ref: 00A31713
                                                                                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A2100A), ref: 00A31722
                                                                                                                                                                Strings
                                                                                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A3171D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                • API String ID: 389471666-631824599
                                                                                                                                                                • Opcode ID: 35b9a6a6c33de80fb5732bef431b19462c61ef4d64e8132ec5933c6b76655e95
                                                                                                                                                                • Instruction ID: f56ff5393221c50a3a81eddd3166f8ee1c9f0ac37fc5039d3a03ff16f5e42343
                                                                                                                                                                • Opcode Fuzzy Hash: 35b9a6a6c33de80fb5732bef431b19462c61ef4d64e8132ec5933c6b76655e95
                                                                                                                                                                • Instruction Fuzzy Hash: 0DE06D7C6003518BD760DF69E9057427AE4BB45344F04892CF452C2A41D7B5D4068FA1
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 00A2FC26
                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 00A2FC2D
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 00A2FC4D
                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 00A2FC54
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Heap$FreeProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3859560861-0
                                                                                                                                                                • Opcode ID: f27c9c9d094f2bd3ca48b9f99c44759df1d5b2971ad6999db1411863b19f7e50
                                                                                                                                                                • Instruction ID: 0f4e88ad68dd0ef6e8fa8c74bc4e9429bd362f5c645d39d4983a20364694e322
                                                                                                                                                                • Opcode Fuzzy Hash: f27c9c9d094f2bd3ca48b9f99c44759df1d5b2971ad6999db1411863b19f7e50
                                                                                                                                                                • Instruction Fuzzy Hash: B9517C75E002299FCF10CFA8D994AEEB7B8EF49314F044178E914AB351D775AE06CBA0
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000004,?,?,?,00A2FCED,?,00000000,?,?,?,00000000), ref: 00A2F814
                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00A2FCED,?,00000000,?,?,?,00000000), ref: 00A2F81B
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?,00A2FCED,?,00000000,?,?,?,00000000), ref: 00A2F85A
                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00A2F861
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Heap$Process$AllocFree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 756756679-0
                                                                                                                                                                • Opcode ID: 0576a7be495c81e10c7c241e701db51d80ccd77207a10404889b04003a11590b
                                                                                                                                                                • Instruction ID: 1793e263e100eb1e69838e39a4c0bb214180bb2a9bb73f9fe8ca1aec7553f441
                                                                                                                                                                • Opcode Fuzzy Hash: 0576a7be495c81e10c7c241e701db51d80ccd77207a10404889b04003a11590b
                                                                                                                                                                • Instruction Fuzzy Hash: D211BFBA600521ABD7109F69DC06B6AF768FF80364F048634F918D7640C332E921CBD0
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,00A2FCDE,?,?,?,?,?,00000000), ref: 00A2F0A3
                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,00A2FCDE,?,?,?,?,?,00000000), ref: 00A2F0AA
                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00A2FCDE,?,?,?,?,?,00000000), ref: 00A2F0E2
                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,00000000), ref: 00A2F0E9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000000.00000002.3634437623.0000000000A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                • Associated: 00000000.00000002.3634300183.0000000000A20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634628779.0000000000A43000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634743349.0000000000A4E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                • Associated: 00000000.00000002.3634906476.0000000000A51000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_0_2_a20000_avast_free_antivirus_setup_online.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Heap$Process$AllocFree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 756756679-0
                                                                                                                                                                • Opcode ID: 15bf5042badd3bf4f5eac7003907f6f79201bc5386420824ed47f6d50dedcbff
                                                                                                                                                                • Instruction ID: 236e5c429f3973d0440c7be1f01ddf7c30b6ca4a47b7027acc2d272245714100
                                                                                                                                                                • Opcode Fuzzy Hash: 15bf5042badd3bf4f5eac7003907f6f79201bc5386420824ed47f6d50dedcbff
                                                                                                                                                                • Instruction Fuzzy Hash: 0B01F9762042019FE710DF9DEC45A27B7ACEF80321F048639F51AC3251D731E901CB60

                                                                                                                                                                Execution Graph

                                                                                                                                                                Execution Coverage:4.9%
                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                Total number of Nodes:1998
                                                                                                                                                                Total number of Limit Nodes:48
14249->14251 14253 7ff6e04489d0 _invalid_parameter_noinfo 52 API calls 14250->14253 14254 7ff6e04489d0 _invalid_parameter_noinfo 52 API calls 14251->14254 14252->13886 14253->14252 14254->14247 12563 7ff6e038c020 12564 7ff6e038c037 12563->12564 12572 7ff6e038c061 12563->12572 12565 7ff6e038c040 12564->12565 12566 7ff6e038c076 12564->12566 12568 7ff6e04389e0 std::_Facet_Register 56 API calls 12565->12568 12567 7ff6e038c1e0 Concurrency::cancel_current_task 56 API calls 12566->12567 12569 7ff6e038c048 12567->12569 12568->12569 12570 7ff6e038c050 12569->12570 12571 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12569->12571 12574 7ff6e038c081 12571->12574 12573 7ff6e038c06f 12572->12573 12575 7ff6e0464fac std::_Facet_Register 2 API calls 12572->12575 12576 7ff6e0438a0a 12572->12576 12575->12572 12577 7ff6e0438a15 12576->12577 12578 7ff6e0434cb4 Concurrency::cancel_current_task 56 API calls 12576->12578 12579 7ff6e038c1e0 Concurrency::cancel_current_task 56 API calls 12577->12579 12578->12577 12580 7ff6e0438a1b 12579->12580 12581 7ff6e03eb240 12582 7ff6e03eb27b 12581->12582 12584 7ff6e03eb291 12581->12584 12583 7ff6e03eb3ab CompareStringW 12583->12584 12584->12583 12585 7ff6e03eb49d CompareStringW 12584->12585 12586 7ff6e03eb2ac 12584->12586 12585->12584 12585->12586 12587 7ff6e03e9e80 12588 7ff6e03e9eaf 12587->12588 12589 7ff6e03e9eb5 12588->12589 12594 7ff6e03eb170 12588->12594 12592 7ff6e043ba40 Concurrency::cancel_current_task 2 API calls 12593 7ff6e03e9f1e 12592->12593 12601 7ff6e038faa0 12594->12601 12600 7ff6e03e9f0d 12600->12592 12602 7ff6e038fb29 12601->12602 12632 7ff6e038ed00 12602->12632 12604 7ff6e038fb8c __scrt_get_show_window_mode 12643 7ff6e0390820 12604->12643 12608 7ff6e038fc4d 12609 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12608->12609 12611 7ff6e038fc60 12609->12611 12613 7ff6e0429160 12611->12613 13778 7ff6e038c370 12613->13778 12615 7ff6e04291a9 12616 7ff6e043ab30 __std_exception_copy 54 API calls 12615->12616 12617 
7ff6e04291ed 12616->12617 12618 7ff6e0429211 12617->12618 12619 7ff6e043abc0 __std_exception_destroy 13 API calls 12617->12619 12620 7ff6e043abc0 __std_exception_destroy 13 API calls 12618->12620 12621 7ff6e0429200 12619->12621 12622 7ff6e0429223 12620->12622 12623 7ff6e043ab30 __std_exception_copy 54 API calls 12621->12623 12624 7ff6e03a64b0 52 API calls 12622->12624 12623->12618 12625 7ff6e042922d 12624->12625 12626 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12625->12626 12627 7ff6e03eb216 12626->12627 12628 7ff6e038bf20 12627->12628 12629 7ff6e038bf39 12628->12629 12630 7ff6e038bf62 12628->12630 12629->12628 12629->12630 12631 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12629->12631 12630->12600 12631->12629 12635 7ff6e038ed29 12632->12635 12641 7ff6e038edfe _Yarn 12632->12641 12633 7ff6e038ee3d 12634 7ff6e038bfb0 Concurrency::cancel_current_task 56 API calls 12633->12634 12636 7ff6e038ee43 12634->12636 12635->12633 12637 7ff6e038ee37 12635->12637 12638 7ff6e038c020 Concurrency::cancel_current_task 56 API calls 12635->12638 12639 7ff6e038c1e0 Concurrency::cancel_current_task 56 API calls 12637->12639 12640 7ff6e038edb1 _Yarn 12638->12640 12639->12633 12640->12641 12642 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12640->12642 12641->12604 12642->12637 12644 7ff6e038fbfe 12643->12644 12649 7ff6e039084e 12643->12649 12650 7ff6e03907a0 12644->12650 12646 7ff6e0390989 12794 7ff6e03a6480 12646->12794 12649->12644 12649->12646 12728 7ff6e0390d30 12649->12728 12651 7ff6e03907e4 12650->12651 12652 7ff6e0390bf0 118 API calls 12651->12652 12653 7ff6e039080b 12652->12653 12654 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12653->12654 12655 7ff6e038fc07 12654->12655 12655->12608 12656 7ff6e0390bf0 12655->12656 12657 7ff6e0390c1b 12656->12657 12658 7ff6e0390d1d 12656->12658 12677 7ff6e0390c36 _Yarn 12657->12677 13767 7ff6e03913d0 12657->13767 12659 7ff6e038e150 76 API calls 12658->12659 12661 7ff6e0390d22 
12659->12661 12663 7ff6e039103a 12661->12663 12664 7ff6e0390d81 12661->12664 12681 7ff6e0390da3 12661->12681 12662 7ff6e0390d12 12662->12608 12665 7ff6e03a6480 56 API calls 12663->12665 12666 7ff6e0390d8e 12664->12666 12667 7ff6e0391061 12664->12667 12668 7ff6e0391047 12665->12668 12669 7ff6e03923b0 56 API calls 12666->12669 12670 7ff6e03a6480 56 API calls 12667->12670 12673 7ff6e03a6480 56 API calls 12668->12673 12671 7ff6e0390d9e 12669->12671 12672 7ff6e039106e 12670->12672 12674 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12671->12674 12680 7ff6e03a6480 56 API calls 12672->12680 12675 7ff6e0391054 12673->12675 12676 7ff6e0391013 12674->12676 12685 7ff6e03a6480 56 API calls 12675->12685 12676->12608 12677->12608 12678 7ff6e0390eeb 12684 7ff6e0391021 12678->12684 12689 7ff6e0390ef5 12678->12689 12679 7ff6e0390edb 12682 7ff6e03923b0 56 API calls 12679->12682 12683 7ff6e039107b 12680->12683 12681->12663 12681->12667 12681->12668 12681->12671 12681->12675 12681->12678 12681->12679 12682->12671 12688 7ff6e03a6480 56 API calls 12683->12688 12686 7ff6e03a6480 56 API calls 12684->12686 12685->12667 12687 7ff6e039102d 12686->12687 12691 7ff6e03a6480 56 API calls 12687->12691 12690 7ff6e0391088 12688->12690 12689->12672 12693 7ff6e0392f80 118 API calls 12689->12693 12701 7ff6e0390f3e 12689->12701 12692 7ff6e0391373 12690->12692 12695 7ff6e03910df 12690->12695 12711 7ff6e0391101 12690->12711 12691->12663 12694 7ff6e03a6480 56 API calls 12692->12694 12696 7ff6e0390fb1 12693->12696 12697 7ff6e0391380 12694->12697 12698 7ff6e039139a 12695->12698 12699 7ff6e03910ec 12695->12699 12696->12683 12706 7ff6e0392030 52 API calls 12696->12706 12703 7ff6e03a6480 56 API calls 12697->12703 12702 7ff6e03a6480 56 API calls 12698->12702 12700 7ff6e0391900 56 API calls 12699->12700 12704 7ff6e03910fc 12700->12704 12701->12671 12701->12687 12705 7ff6e03913a7 12702->12705 12707 7ff6e039138d 12703->12707 12708 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12704->12708 
12713 7ff6e03a6480 56 API calls 12705->12713 12706->12701 12716 7ff6e03a6480 56 API calls 12707->12716 12712 7ff6e039134c 12708->12712 12709 7ff6e0391230 12715 7ff6e039135a 12709->12715 12722 7ff6e0391238 12709->12722 12710 7ff6e0391220 12714 7ff6e0391900 56 API calls 12710->12714 12711->12692 12711->12697 12711->12698 12711->12704 12711->12707 12711->12709 12711->12710 12712->12608 12717 7ff6e03913b4 12713->12717 12714->12704 12718 7ff6e03a6480 56 API calls 12715->12718 12716->12698 12720 7ff6e03a6480 56 API calls 12717->12720 12719 7ff6e0391366 12718->12719 12723 7ff6e03a6480 56 API calls 12719->12723 12721 7ff6e03913c1 12720->12721 12722->12705 12724 7ff6e0392ae0 116 API calls 12722->12724 12726 7ff6e0391279 12722->12726 12723->12692 12725 7ff6e03912ec 12724->12725 12725->12717 12727 7ff6e0391590 52 API calls 12725->12727 12726->12704 12726->12719 12727->12726 12729 7ff6e0390d78 12728->12729 12730 7ff6e039103a 12728->12730 12731 7ff6e0390d81 12729->12731 12747 7ff6e0390da3 12729->12747 12732 7ff6e03a6480 56 API calls 12730->12732 12733 7ff6e0390d8e 12731->12733 12734 7ff6e0391061 12731->12734 12735 7ff6e0391047 12732->12735 12799 7ff6e03923b0 12733->12799 12737 7ff6e03a6480 56 API calls 12734->12737 12740 7ff6e03a6480 56 API calls 12735->12740 12739 7ff6e039106e 12737->12739 12738 7ff6e0390d9e 12741 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12738->12741 12746 7ff6e03a6480 56 API calls 12739->12746 12742 7ff6e0391054 12740->12742 12743 7ff6e0391013 12741->12743 12751 7ff6e03a6480 56 API calls 12742->12751 12743->12649 12744 7ff6e0390eeb 12750 7ff6e0391021 12744->12750 12755 7ff6e0390ef5 12744->12755 12745 7ff6e0390edb 12748 7ff6e03923b0 56 API calls 12745->12748 12749 7ff6e039107b 12746->12749 12747->12730 12747->12734 12747->12735 12747->12738 12747->12742 12747->12744 12747->12745 12748->12738 12754 7ff6e03a6480 56 API calls 12749->12754 12752 7ff6e03a6480 56 API calls 12750->12752 12751->12734 12753 7ff6e039102d 12752->12753 12757 7ff6e03a6480 
56 API calls 12753->12757 12756 7ff6e0391088 12754->12756 12755->12739 12767 7ff6e0390f3e 12755->12767 12809 7ff6e0392f80 12755->12809 12758 7ff6e0391373 12756->12758 12761 7ff6e03910df 12756->12761 12777 7ff6e0391101 12756->12777 12757->12730 12760 7ff6e03a6480 56 API calls 12758->12760 12763 7ff6e0391380 12760->12763 12764 7ff6e039139a 12761->12764 12765 7ff6e03910ec 12761->12765 12762 7ff6e0390fb1 12762->12749 12836 7ff6e0392030 12762->12836 12769 7ff6e03a6480 56 API calls 12763->12769 12768 7ff6e03a6480 56 API calls 12764->12768 12840 7ff6e0391900 12765->12840 12767->12738 12767->12753 12771 7ff6e03913a7 12768->12771 12773 7ff6e039138d 12769->12773 12770 7ff6e03910fc 12774 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12770->12774 12779 7ff6e03a6480 56 API calls 12771->12779 12782 7ff6e03a6480 56 API calls 12773->12782 12778 7ff6e039134c 12774->12778 12775 7ff6e0391230 12781 7ff6e039135a 12775->12781 12788 7ff6e0391238 12775->12788 12776 7ff6e0391220 12780 7ff6e0391900 56 API calls 12776->12780 12777->12758 12777->12763 12777->12764 12777->12770 12777->12773 12777->12775 12777->12776 12778->12649 12783 7ff6e03913b4 12779->12783 12780->12770 12784 7ff6e03a6480 56 API calls 12781->12784 12782->12764 12786 7ff6e03a6480 56 API calls 12783->12786 12785 7ff6e0391366 12784->12785 12789 7ff6e03a6480 56 API calls 12785->12789 12787 7ff6e03913c1 12786->12787 12788->12771 12792 7ff6e0391279 12788->12792 12850 7ff6e0392ae0 12788->12850 12789->12758 12791 7ff6e03912ec 12791->12783 12883 7ff6e0391590 12791->12883 12792->12770 12792->12785 13764 7ff6e03a63a0 12794->13764 12797 7ff6e043ba40 Concurrency::cancel_current_task 2 API calls 12798 7ff6e03a64a9 12797->12798 12800 7ff6e03923fd 12799->12800 12801 7ff6e0392404 12800->12801 12802 7ff6e039246d 12800->12802 12887 7ff6e0392480 12801->12887 12803 7ff6e03a6480 56 API calls 12802->12803 12805 7ff6e0392479 12803->12805 12810 7ff6e0393219 12809->12810 12811 7ff6e0392fad 12809->12811 12810->12762 12811->12810 12893 
7ff6e03956a0 12811->12893 12813 7ff6e0393275 12814 7ff6e03a6480 56 API calls 12813->12814 12815 7ff6e0393281 12814->12815 12816 7ff6e03a6480 56 API calls 12815->12816 12818 7ff6e039328e 12816->12818 12817 7ff6e0392fc5 12817->12810 12817->12813 12819 7ff6e039329b 12817->12819 12825 7ff6e03930b4 12817->12825 12918 7ff6e039a8b0 12817->12918 12820 7ff6e03a6480 56 API calls 12818->12820 12821 7ff6e03a6480 56 API calls 12819->12821 12820->12819 12823 7ff6e03932a8 12821->12823 12826 7ff6e03a6480 56 API calls 12823->12826 12824 7ff6e039323a 12824->12810 12954 7ff6e0393970 12824->12954 12825->12810 12825->12818 12825->12819 12825->12823 12832 7ff6e0393170 12825->12832 12935 7ff6e039aa60 12825->12935 12828 7ff6e03932b5 12826->12828 12974 7ff6e03a1330 12828->12974 12832->12810 12832->12813 12832->12815 12832->12818 12832->12819 12832->12824 12833 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12835 7ff6e039337f 12833->12835 12834 7ff6e039330c 12834->12833 12835->12762 12837 7ff6e0392065 12836->12837 12838 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12837->12838 12839 7ff6e0392368 12838->12839 12841 7ff6e039194d 12840->12841 12842 7ff6e0391954 12841->12842 12843 7ff6e03919bd 12841->12843 13329 7ff6e03919d0 12842->13329 12845 7ff6e03a6480 56 API calls 12843->12845 12847 7ff6e03919c9 12845->12847 12851 7ff6e0392e47 12850->12851 12852 7ff6e0392b08 12850->12852 12851->12791 12852->12851 13335 7ff6e03a5bb0 12852->13335 12854 7ff6e0392e52 12855 7ff6e03a6480 56 API calls 12854->12855 12856 7ff6e0392e5e 12855->12856 12857 7ff6e03a6480 56 API calls 12856->12857 12858 7ff6e0392e6b 12857->12858 12859 7ff6e03a6480 56 API calls 12858->12859 12860 7ff6e0392e78 12859->12860 12865 7ff6e03a6480 56 API calls 12860->12865 12861 7ff6e0392e9f 12862 7ff6e03a6480 56 API calls 12861->12862 12864 7ff6e0392eac 12862->12864 12863 7ff6e0392b2c _Yarn __scrt_get_show_window_mode 12863->12854 12863->12856 12863->12858 12863->12861 12874 7ff6e0392ca3 12863->12874 12879 
7ff6e0392de7 12863->12879 13339 7ff6e0397640 12863->13339 12866 7ff6e03a1330 8 API calls 12864->12866 12867 7ff6e0392e85 12865->12867 12873 7ff6e0392efc 12866->12873 12868 7ff6e03a6480 56 API calls 12867->12868 12870 7ff6e0392e92 12868->12870 12869 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12871 7ff6e0392f6f 12869->12871 12875 7ff6e03a6480 56 API calls 12870->12875 12871->12791 12873->12869 12874->12854 12874->12867 12874->12870 12877 7ff6e0392da0 12874->12877 12874->12879 12882 7ff6e0392d50 12874->12882 13356 7ff6e03977e0 12874->13356 12875->12861 12876 7ff6e0392e19 12876->12879 13402 7ff6e03936f0 12876->13402 12877->12861 12877->12876 12877->12879 12879->12791 12882->12860 12882->12867 12882->12877 12884 7ff6e03915c5 12883->12884 12885 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12884->12885 12886 7ff6e03918c7 12885->12886 12888 7ff6e03924cf 12887->12888 12889 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12888->12889 12890 7ff6e0392a83 12889->12890 12891 7ff6e0392ad7 12890->12891 12892 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12890->12892 12892->12891 12898 7ff6e03956d8 12893->12898 12894 7ff6e0395820 12895 7ff6e03a6480 56 API calls 12894->12895 12896 7ff6e039582d 12895->12896 12897 7ff6e03a6480 56 API calls 12896->12897 12899 7ff6e039583a 12897->12899 12898->12894 12898->12896 12904 7ff6e03a6480 56 API calls 12898->12904 12910 7ff6e03957a2 _Yarn __scrt_get_show_window_mode 12898->12910 12900 7ff6e03958b4 12899->12900 12903 7ff6e0395885 12899->12903 12901 7ff6e03958be 12900->12901 12902 7ff6e03959d6 12900->12902 12909 7ff6e03958cb 12901->12909 13007 7ff6e0435b10 12901->13007 12908 7ff6e03970d0 118 API calls 12902->12908 12982 7ff6e039ac40 12903->12982 12904->12894 12907 7ff6e03958af 12907->12817 12908->12907 13018 7ff6e039b270 12909->13018 12910->12817 12912 7ff6e03958f6 13064 7ff6e03970d0 12912->13064 12914 7ff6e03959b1 12915 7ff6e03959c4 12914->12915 12916 7ff6e038bf20 52 API calls 
12914->12916 12915->12907 12917 7ff6e038bf20 52 API calls 12915->12917 12916->12915 12917->12907 12919 7ff6e039a8db 12918->12919 12920 7ff6e039aa13 12919->12920 12932 7ff6e039a8e5 12919->12932 12922 7ff6e03a6480 56 API calls 12920->12922 12921 7ff6e039aa46 12923 7ff6e03a6480 56 API calls 12921->12923 12924 7ff6e039aa1f 12922->12924 12926 7ff6e039aa53 12923->12926 12928 7ff6e03a6480 56 API calls 12924->12928 12925 7ff6e039aa39 12929 7ff6e03a6480 56 API calls 12925->12929 12927 7ff6e039a99f 13313 7ff6e03a0050 12927->13313 12930 7ff6e039aa2c 12928->12930 12929->12921 12934 7ff6e03a6480 56 API calls 12930->12934 12932->12921 12932->12924 12932->12925 12932->12927 12932->12930 12934->12925 12936 7ff6e039aa8b 12935->12936 12937 7ff6e039ac08 12936->12937 12941 7ff6e039abef 12936->12941 12952 7ff6e039aa95 12936->12952 12939 7ff6e03a6480 56 API calls 12937->12939 12938 7ff6e039ac2f 12942 7ff6e03a6480 56 API calls 12938->12942 12940 7ff6e039ac15 12939->12940 12946 7ff6e03a6480 56 API calls 12940->12946 12944 7ff6e03a6480 56 API calls 12941->12944 12945 7ff6e039ac3c 12942->12945 12943 7ff6e039ac22 12947 7ff6e03a6480 56 API calls 12943->12947 12948 7ff6e039abfb 12944->12948 12946->12943 12947->12938 12950 7ff6e03a6480 56 API calls 12948->12950 12949 7ff6e039ab67 13325 7ff6e03a0310 12949->13325 12950->12937 12952->12937 12952->12938 12952->12940 12952->12943 12952->12948 12952->12949 12955 7ff6e039398f 12954->12955 12956 7ff6e0393b0d 12955->12956 12957 7ff6e03a6480 56 API calls 12955->12957 12958 7ff6e03a6480 56 API calls 12956->12958 12959 7ff6e0393ab2 12957->12959 12960 7ff6e0393b1a 12958->12960 12961 7ff6e03a6480 56 API calls 12959->12961 12962 7ff6e0393abf 12961->12962 12963 7ff6e03a6480 56 API calls 12962->12963 12964 7ff6e0393acc 12963->12964 12965 7ff6e03a6480 56 API calls 12964->12965 12966 7ff6e0393ad9 12965->12966 12967 7ff6e03a6480 56 API calls 12966->12967 12968 7ff6e0393ae6 12967->12968 12969 7ff6e03a6480 56 API calls 12968->12969 12970 7ff6e0393af3 12969->12970 
12971 7ff6e03a6480 56 API calls 12970->12971 12972 7ff6e0393b00 12971->12972 12973 7ff6e03a6480 56 API calls 12972->12973 12973->12956 12975 7ff6e03a136c 12974->12975 12979 7ff6e03a1393 _Yarn 12974->12979 12976 7ff6e03a1371 12975->12976 12975->12979 12977 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12976->12977 12978 7ff6e03a138d 12977->12978 12978->12834 12980 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12979->12980 12981 7ff6e03a1532 12980->12981 12981->12834 12983 7ff6e039ac9b 12982->12983 12986 7ff6e039acd6 12982->12986 13077 7ff6e0395a30 12983->13077 12985 7ff6e039acd1 12987 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12985->12987 13090 7ff6e03a09c0 12986->13090 12989 7ff6e039b038 12987->12989 12989->12907 12990 7ff6e039aeeb 12993 7ff6e039afef 12990->12993 12994 7ff6e039b004 12990->12994 12992 7ff6e0435b10 65 API calls 12995 7ff6e039ae3b 12992->12995 13094 7ff6e039b050 12993->13094 13102 7ff6e039f1f0 12994->13102 12998 7ff6e039b270 118 API calls 12995->12998 13001 7ff6e039ae69 12998->13001 12999 7ff6e039b002 13000 7ff6e03a64b0 52 API calls 12999->13000 13000->12985 13002 7ff6e039aeb7 13001->13002 13004 7ff6e039b048 13001->13004 13003 7ff6e03a64b0 52 API calls 13002->13003 13003->12990 13005 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 13004->13005 13006 7ff6e039b04d 13005->13006 13168 7ff6e0435e48 13007->13168 13009 7ff6e0435b32 13017 7ff6e0435b76 _Yarn 13009->13017 13172 7ff6e0435d08 13009->13172 13012 7ff6e0435b4a 13175 7ff6e0435d38 13012->13175 13014 7ff6e0435bea 13014->12909 13016 7ff6e0448a80 _Yarn 13 API calls 13016->13017 13179 7ff6e0435ec0 13017->13179 13019 7ff6e0435e48 std::_Lockit::_Lockit 6 API calls 13018->13019 13020 7ff6e039b2a4 13019->13020 13021 7ff6e0435e48 std::_Lockit::_Lockit 6 API calls 13020->13021 13024 7ff6e039b2f2 13020->13024 13022 7ff6e039b2c7 13021->13022 13025 7ff6e0435ec0 std::_Lockit::~_Lockit LeaveCriticalSection 13022->13025 13023 7ff6e039b30e 13026 7ff6e0435ec0 
std::_Lockit::~_Lockit LeaveCriticalSection 13023->13026 13024->13023 13212 7ff6e039d8c0 13024->13212 13025->13024 13028 7ff6e039b359 13026->13028 13030 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13028->13030 13033 7ff6e039b369 13030->13033 13031 7ff6e039b326 13258 7ff6e0435acc 13031->13258 13032 7ff6e039b379 13261 7ff6e03a5e90 13032->13261 13033->12912 13037 7ff6e039b3d7 13039 7ff6e039b3eb 13037->13039 13062 7ff6e039b7b1 13037->13062 13038 7ff6e03a6480 56 API calls 13040 7ff6e039b7be 13038->13040 13041 7ff6e0395a30 118 API calls 13039->13041 13044 7ff6e039b421 13041->13044 13042 7ff6e039b426 13043 7ff6e03a1330 8 API calls 13042->13043 13047 7ff6e039b474 13043->13047 13045 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13044->13045 13046 7ff6e039b79c 13045->13046 13046->12912 13048 7ff6e0435b10 65 API calls 13047->13048 13049 7ff6e039b59a 13047->13049 13063 7ff6e039b64a 13047->13063 13048->13049 13055 7ff6e039b270 118 API calls 13049->13055 13050 7ff6e039b753 13265 7ff6e039b7c0 13050->13265 13051 7ff6e039b768 13273 7ff6e039f3d0 13051->13273 13054 7ff6e039b766 13056 7ff6e03a64b0 52 API calls 13054->13056 13058 7ff6e039b5c8 13055->13058 13056->13044 13057 7ff6e039b616 13059 7ff6e03a64b0 52 API calls 13057->13059 13058->13057 13060 7ff6e039b7ac 13058->13060 13059->13063 13061 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 13060->13061 13061->13062 13062->13038 13063->13050 13063->13051 13065 7ff6e0397134 13064->13065 13066 7ff6e03970f7 13064->13066 13068 7ff6e0397167 13065->13068 13070 7ff6e0397140 13065->13070 13067 7ff6e039ccc0 118 API calls 13066->13067 13069 7ff6e0397129 13067->13069 13071 7ff6e039d5d0 8 API calls 13068->13071 13069->12914 13303 7ff6e03971c0 13070->13303 13073 7ff6e0397186 13071->13073 13307 7ff6e039d6d0 13073->13307 13078 7ff6e0395aae 13077->13078 13079 7ff6e0395a7c 13077->13079 13081 7ff6e0395ab2 13078->13081 13082 7ff6e0395aec 13078->13082 13079->13078 13080 7ff6e0395a80 13079->13080 13080->13081 13085 
7ff6e0395a84 13080->13085 13133 7ff6e039ccc0 13081->13133 13084 7ff6e03970d0 118 API calls 13082->13084 13086 7ff6e0395aac 13084->13086 13108 7ff6e039c8a0 13085->13108 13088 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13086->13088 13089 7ff6e0395b1b 13088->13089 13089->12985 13091 7ff6e03a0a11 _Yarn 13090->13091 13092 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13091->13092 13093 7ff6e039ad21 13092->13093 13093->12990 13093->12992 13093->12995 13095 7ff6e039b09b 13094->13095 13096 7ff6e0435b10 65 API calls 13095->13096 13097 7ff6e039b170 13095->13097 13101 7ff6e039b19e 13095->13101 13096->13097 13100 7ff6e039b270 118 API calls 13097->13100 13098 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13099 7ff6e039b25b 13098->13099 13099->12999 13100->13101 13101->13098 13104 7ff6e039f260 13102->13104 13103 7ff6e039b050 118 API calls 13106 7ff6e039f33a 13103->13106 13104->13103 13105 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13107 7ff6e039f3b3 13105->13107 13106->13105 13107->12999 13109 7ff6e039c8fa 13108->13109 13112 7ff6e039c935 13108->13112 13110 7ff6e0395a30 118 API calls 13109->13110 13111 7ff6e039c930 13110->13111 13113 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13111->13113 13114 7ff6e03a1330 8 API calls 13112->13114 13115 7ff6e039cc9c 13113->13115 13116 7ff6e039c983 13114->13116 13115->13086 13117 7ff6e0435b10 65 API calls 13116->13117 13120 7ff6e039ca9d 13116->13120 13130 7ff6e039cb4d 13116->13130 13117->13120 13118 7ff6e039cc53 13121 7ff6e039b050 118 API calls 13118->13121 13119 7ff6e039cc68 13122 7ff6e039f1f0 118 API calls 13119->13122 13124 7ff6e039b270 118 API calls 13120->13124 13123 7ff6e039cc66 13121->13123 13122->13123 13125 7ff6e03a64b0 52 API calls 13123->13125 13127 7ff6e039cacb 13124->13127 13125->13111 13126 7ff6e039cb19 13128 7ff6e03a64b0 52 API calls 13126->13128 13127->13126 13129 7ff6e039ccac 13127->13129 13128->13130 13131 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API 
calls 13129->13131 13130->13118 13130->13119 13132 7ff6e039ccb1 13131->13132 13134 7ff6e039cd45 __scrt_get_show_window_mode 13133->13134 13135 7ff6e039cd17 13133->13135 13139 7ff6e039f790 8 API calls 13134->13139 13135->13134 13136 7ff6e039cd1c 13135->13136 13150 7ff6e039f790 13136->13150 13138 7ff6e039cd40 13140 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13138->13140 13143 7ff6e039cdc4 13139->13143 13142 7ff6e039ce9a 13140->13142 13142->13086 13145 7ff6e0390bf0 118 API calls 13143->13145 13147 7ff6e039ce0b 13143->13147 13145->13147 13156 7ff6e039d5d0 13147->13156 13149 7ff6e038bf20 52 API calls 13149->13138 13154 7ff6e039f7fa _Yarn 13150->13154 13151 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13152 7ff6e039fd3d 13151->13152 13152->13138 13153 7ff6e039fcd5 13153->13151 13154->13153 13155 7ff6e03a4550 8 API calls 13154->13155 13155->13154 13160 7ff6e039d637 13156->13160 13157 7ff6e039d68e 13158 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13157->13158 13159 7ff6e039ce4d 13158->13159 13162 7ff6e039fd50 13159->13162 13160->13157 13161 7ff6e039ddf0 8 API calls 13160->13161 13161->13160 13164 7ff6e039fdb3 13162->13164 13163 7ff6e03971c0 8 API calls 13166 7ff6e039feb3 13163->13166 13164->13163 13165 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13167 7ff6e039ce7d 13165->13167 13166->13165 13167->13149 13169 7ff6e0435e57 13168->13169 13171 7ff6e0435e5c 13168->13171 13183 7ff6e04637c4 13169->13183 13171->13009 13173 7ff6e04389e0 std::_Facet_Register 56 API calls 13172->13173 13174 7ff6e0435d1a 13173->13174 13174->13012 13176 7ff6e0435b55 13175->13176 13177 7ff6e0435d4a 13175->13177 13176->13016 13176->13017 13207 7ff6e04384f0 13177->13207 13180 7ff6e0435ecb LeaveCriticalSection 13179->13180 13181 7ff6e0435ed4 13179->13181 13181->13014 13186 7ff6e04675f8 13183->13186 13187 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13186->13187 13188 7ff6e0467618 13187->13188 13189 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13188->13189 
13190 7ff6e0467637 13189->13190 13191 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13190->13191 13192 7ff6e0467656 13191->13192 13193 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13192->13193 13194 7ff6e0467675 13193->13194 13195 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13194->13195 13196 7ff6e0467694 13195->13196 13197 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13196->13197 13198 7ff6e04676b3 13197->13198 13199 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13198->13199 13200 7ff6e04676d2 13199->13200 13201 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13200->13201 13202 7ff6e04676f1 13201->13202 13203 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13202->13203 13204 7ff6e0467710 13203->13204 13205 7ff6e0466ce0 __crtLCMapStringW 5 API calls 13204->13205 13206 7ff6e046772f 13205->13206 13208 7ff6e04384fe EncodePointer 13207->13208 13209 7ff6e0438525 13207->13209 13208->13176 13210 7ff6e0459d88 std::locale::_Setgloballocale 52 API calls 13209->13210 13211 7ff6e043852a DeleteCriticalSection 13210->13211 13213 7ff6e039d910 13212->13213 13257 7ff6e039db4f 13212->13257 13215 7ff6e04389e0 std::_Facet_Register 56 API calls 13213->13215 13213->13257 13214 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13216 7ff6e039b320 13214->13216 13217 7ff6e039d922 13215->13217 13216->13031 13216->13032 13218 7ff6e0435e48 std::_Lockit::_Lockit 6 API calls 13217->13218 13219 7ff6e039d962 13218->13219 13235 7ff6e039db7e 13219->13235 13279 7ff6e0435c80 13219->13279 13286 7ff6e0434d60 13235->13286 13257->13214 13259 7ff6e04389e0 std::_Facet_Register 56 API calls 13258->13259 13260 7ff6e0435adf 13259->13260 13260->13023 13262 7ff6e03a5e9e Concurrency::cancel_current_task 13261->13262 13263 7ff6e043ba40 Concurrency::cancel_current_task 2 API calls 13262->13263 13264 7ff6e039b37e 13263->13264 13264->13037 13264->13042 13266 7ff6e039b813 13265->13266 13267 7ff6e0435b10 65 API calls 13266->13267 13268 7ff6e039b8e0 13266->13268 13272 7ff6e039b90e 13266->13272 13267->13268 13271 7ff6e039b270 118 API 
calls 13268->13271 13269 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13270 7ff6e039b9cb 13269->13270 13270->13054 13271->13272 13272->13269 13275 7ff6e039f440 13273->13275 13274 7ff6e039b7c0 118 API calls 13278 7ff6e039f51a 13274->13278 13275->13274 13276 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13277 7ff6e039f593 13276->13277 13277->13054 13278->13276 13291 7ff6e045d040 13279->13291 13283 7ff6e0435cb3 13284 7ff6e0435cc2 13283->13284 13285 7ff6e045d040 std::_Locinfo::_Locinfo_ctor 87 API calls 13283->13285 13285->13284 13300 7ff6e03a6360 13286->13300 13289 7ff6e043ba40 Concurrency::cancel_current_task 2 API calls 13290 7ff6e039db8b 13289->13290 13292 7ff6e04675f8 std::_Lockit::_Lockit 5 API calls 13291->13292 13293 7ff6e045d056 13292->13293 13294 7ff6e045cd64 std::_Locinfo::_Locinfo_ctor 87 API calls 13293->13294 13295 7ff6e0435c99 13294->13295 13296 7ff6e04359f4 13295->13296 13297 7ff6e0435a11 13296->13297 13298 7ff6e0435a1b _Yarn 13296->13298 13297->13298 13299 7ff6e0448a80 _Yarn 13 API calls 13297->13299 13298->13283 13299->13298 13301 7ff6e03a62f0 Concurrency::cancel_current_task 54 API calls 13300->13301 13302 7ff6e03a6381 13301->13302 13302->13289 13304 7ff6e03971fc 13303->13304 13305 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13304->13305 13306 7ff6e039715c 13305->13306 13306->12914 13309 7ff6e039d733 13307->13309 13308 7ff6e03971c0 8 API calls 13310 7ff6e039d829 13308->13310 13309->13308 13311 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 13310->13311 13312 7ff6e03971a7 13311->13312 13312->12914 13314 7ff6e03a0071 13313->13314 13315 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 13314->13315 13316 7ff6e03a0123 13315->13316 13317 7ff6e03a6480 56 API calls 13316->13317 13318 7ff6e03a0179 13317->13318 13319 7ff6e03a6480 56 API calls 13318->13319 13320 7ff6e03a019b 13319->13320 13321 7ff6e03a6480 56 API calls 13320->13321 13322 7ff6e03a01bb 13321->13322 13323 7ff6e03a6480 56 API calls 
calls 12355->12358 12359 7ff6e0438a0a 12355->12359 12356->12337 12358->12355 12360 7ff6e0438a15 12359->12360 12361 7ff6e0434cb4 Concurrency::cancel_current_task 56 API calls 12359->12361 12362 7ff6e038c1e0 Concurrency::cancel_current_task 56 API calls 12360->12362 12361->12360 12363 7ff6e0438a1b 12362->12363 12374 7ff6e0434d18 12364->12374 12379 7ff6e0434b88 12374->12379 12377 7ff6e043ba40 Concurrency::cancel_current_task 2 API calls 12378 7ff6e0434d3a 12377->12378 12380 7ff6e043ab30 __std_exception_copy 54 API calls 12379->12380 12381 7ff6e0434bbc 12380->12381 12381->12377 12383 7ff6e0418eb3 12382->12383 12391 7ff6e0418ef7 12382->12391 12417 7ff6e0438f20 12383->12417 12386 7ff6e0438f20 55 API calls 12387 7ff6e0418ecb 12386->12387 12388 7ff6e0438f20 55 API calls 12387->12388 12389 7ff6e0418ed7 12388->12389 12420 7ff6e0428a70 12389->12420 12392 7ff6e0418a00 12391->12392 12393 7ff6e0418a96 12392->12393 12394 7ff6e0418a14 12392->12394 12393->12195 12395 7ff6e04389e0 std::_Facet_Register 56 API calls 12394->12395 12396 7ff6e0418a30 InitializeCriticalSection 12395->12396 12396->12393 12397 7ff6e0418a9b 12396->12397 12438 7ff6e03e37b0 12397->12438 12399 7ff6e0418aa0 12443 7ff6e03a5fc0 12399->12443 12401 7ff6e0418aa9 12402 7ff6e03a5fc0 52 API calls 12401->12402 12403 7ff6e0418ab2 DeleteCriticalSection 12402->12403 12403->12393 12409 7ff6e0418962 12404->12409 12411 7ff6e0418927 12404->12411 12405 7ff6e04189d0 LeaveCriticalSection 12406 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12405->12406 12408 7ff6e038dfb2 12406->12408 12408->12198 12409->12405 12410 7ff6e0418981 12409->12410 12458 7ff6e04194a0 12409->12458 12413 7ff6e0418cc0 74 API calls 12410->12413 12411->12405 12414 7ff6e0418960 12411->12414 12448 7ff6e0418cc0 12411->12448 12416 7ff6e04189a2 12413->12416 12414->12405 12415 7ff6e0418cc0 74 API calls 12415->12416 12416->12405 12416->12415 12423 7ff6e0438ee4 12417->12423 12419 7ff6e0418ebf 12419->12386 12421 7ff6e04389e0 std::_Facet_Register 56 API calls 
12420->12421 12422 7ff6e0428a93 12421->12422 12422->12391 12422->12422 12424 7ff6e0438efe 12423->12424 12426 7ff6e0438ef7 12423->12426 12427 7ff6e04653e0 12424->12427 12426->12419 12430 7ff6e046501c 12427->12430 12437 7ff6e0463748 EnterCriticalSection 12430->12437 12439 7ff6e03e3822 12438->12439 12440 7ff6e03e37cc 12438->12440 12439->12399 12440->12439 12441 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12440->12441 12442 7ff6e03e3847 12441->12442 12444 7ff6e03a5fd7 12443->12444 12445 7ff6e03a6000 12443->12445 12444->12445 12446 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12444->12446 12445->12401 12447 7ff6e03a6020 12446->12447 12447->12401 12470 7ff6e04275a0 12448->12470 12451 7ff6e0418d50 12454 7ff6e0418d5e 12451->12454 12484 7ff6e0419230 12451->12484 12452 7ff6e0418def 12452->12454 12455 7ff6e04194a0 76 API calls 12452->12455 12456 7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12454->12456 12455->12454 12457 7ff6e0418e78 12456->12457 12457->12411 12459 7ff6e04195b3 12458->12459 12460 7ff6e04194f5 12458->12460 12461 7ff6e038f840 56 API calls 12459->12461 12462 7ff6e0419515 12460->12462 12463 7ff6e04195b8 12460->12463 12461->12463 12464 7ff6e038c020 Concurrency::cancel_current_task 56 API calls 12462->12464 12465 7ff6e038c1e0 Concurrency::cancel_current_task 56 API calls 12463->12465 12467 7ff6e041952a _Yarn 12464->12467 12466 7ff6e04195be 12465->12466 12466->12410 12502 7ff6e038f920 12467->12502 12469 7ff6e041959e 12469->12410 12471 7ff6e04389e0 std::_Facet_Register 56 API calls 12470->12471 12472 7ff6e04275f9 12471->12472 12473 7ff6e0427632 GetModuleHandleW GetProcAddress 12472->12473 12474 7ff6e04277e8 12473->12474 12475 7ff6e042766e 12473->12475 12495 7ff6e0427820 12474->12495 12477 7ff6e04389e0 std::_Facet_Register 56 API calls 12475->12477 12480 7ff6e042768c 12475->12480 12477->12480 12479 7ff6e043ba40 Concurrency::cancel_current_task 2 API calls 12482 7ff6e042781a 12479->12482 12481 7ff6e0438970 
Concurrency::cancel_current_task 8 API calls 12480->12481 12483 7ff6e0418d40 12481->12483 12483->12451 12483->12452 12485 7ff6e041927e 12484->12485 12494 7ff6e0419485 12484->12494 12487 7ff6e041948b 12485->12487 12488 7ff6e038c020 Concurrency::cancel_current_task 56 API calls 12485->12488 12489 7ff6e038c1e0 Concurrency::cancel_current_task 56 API calls 12487->12489 12491 7ff6e04192b6 12488->12491 12490 7ff6e0419491 12489->12490 12492 7ff6e041944d 12491->12492 12493 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12491->12493 12492->12454 12493->12494 12499 7ff6e038f840 12494->12499 12496 7ff6e042783b 12495->12496 12497 7ff6e038c7b0 54 API calls 12496->12497 12498 7ff6e0427809 12497->12498 12498->12479 12500 7ff6e0434d18 Concurrency::cancel_current_task 56 API calls 12499->12500 12501 7ff6e038f850 12500->12501 12503 7ff6e038f946 12502->12503 12504 7ff6e038f96f 12502->12504 12503->12504 12505 7ff6e04489f0 _invalid_parameter_noinfo_noreturn 52 API calls 12503->12505 12504->12469 12506 7ff6e038f9a4 12505->12506 12510 7ff6e038f9f2 12506->12510 12513 7ff6e038e150 12506->12513 12510->12469 12529 7ff6e0434d3c 12513->12529 12534 7ff6e0434c0c 12529->12534 12532 7ff6e043ba40 Concurrency::cancel_current_task 2 API calls 12533 7ff6e0434d5e 12532->12533 12535 7ff6e043ab30 __std_exception_copy 54 API calls 12534->12535 12536 7ff6e0434c40 12535->12536 12536->12532 12538 7ff6e0418802 12537->12538 12539 7ff6e038c7b0 54 API calls 12538->12539 12540 7ff6e0418825 12539->12540 12541 7ff6e03a64b0 52 API calls 12540->12541 12542 7ff6e041869f 12541->12542 12542->12154 12544 7ff6e0418882 12543->12544 12545 7ff6e038c7b0 54 API calls 12544->12545 12546 7ff6e04188a5 12545->12546 12547 7ff6e03a64b0 52 API calls 12546->12547 12548 7ff6e04186bb 12547->12548 12548->12151 12550 7ff6e043ab30 __std_exception_copy 54 API calls 12549->12550 12551 7ff6e038c94b 12550->12551 12551->12105 12554 7ff6e043580e 12552->12554 12559 7ff6e0435827 12552->12559 12553 7ff6e043592a RaiseException 12555 
7ff6e0438970 Concurrency::cancel_current_task 8 API calls 12553->12555 12556 7ff6e043ba40 Concurrency::cancel_current_task 2 API calls 12554->12556 12557 7ff6e03a6188 12555->12557 12556->12559 12558 7ff6e043595d 12560 7ff6e0459d88 std::locale::_Setgloballocale 52 API calls 12558->12560 12559->12553 12559->12558 12562 7ff6e04358e7 std::_Locinfo::_Locinfo_ctor 12559->12562 12561 7ff6e0435962 12560->12561 12562->12553

Control-flow Graph

[Graph starting at block 7ff6e046f5e8-7ff6e046f644; legend: Executed, Not Executed]
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
• Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: ErrorLastNameTranslate$CodePageValidValue
• String ID: utf8
• API String ID: 1791977518-905460609
• Opcode ID: f4b282971415709c5dad6961647563334a21f4254bff6cbf59ea5630e6281cf4
• Instruction ID: bc8f4ca4a163eeb892082ed7e2bf06f4f24bacba9859202b22588b6f4afb4d42
• Opcode Fuzzy Hash: f4b282971415709c5dad6961647563334a21f4254bff6cbf59ea5630e6281cf4
• Instruction Fuzzy Hash: DF919F33A18743E1E720AF21E6413B922A4EF44B80F444131DA8DE7795EF3EE55AC74A

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
• Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: Value$ErrorLast$Heap$AllocFree
• String ID:
• API String ID: 570795689-0
• Opcode ID: da15903de82778876649aff6e550818b390fd73bd1de49d16bc44e45de055a31
• Instruction ID: d45d62027f9a2d9e8988fca0de0db61e6484b0bd89f41d50ab1357449419f185
• Opcode Fuzzy Hash: da15903de82778876649aff6e550818b390fd73bd1de49d16bc44e45de055a31
• Instruction Fuzzy Hash: E4414762E28207F2FA28A731775237911925F457B0F641739D82EC67D6FD3EB809434A

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
• Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: AddressFeatureHandleModulePresentProcProcessor
• String ID: LdrEnumerateLoadedModules$asw::main::impl::at_exit_action_node::action_failed_exception::action_failed_exception: atexit action throws exception!$ntdll
• API String ID: 431857297-521359223
• Opcode ID: 8cc7187c1e48b0e137204187c6205cac412951973900bf0cf519ddca150740fd
• Instruction ID: 0a0614227680f92daef40194a88d7269943d6d5f7c2754c270fe64e7a67b6534
• Opcode Fuzzy Hash: 8cc7187c1e48b0e137204187c6205cac412951973900bf0cf519ddca150740fd
• Instruction Fuzzy Hash: FE418123E19683E2EB14AB60E6453BD2350BF99344F501239E68D877D2DF2EE558870A

Control-flow Graph

APIs
• FreeLibrary.KERNEL32(?,?,00000000,00007FF6E0467618,?,?,?,?,00007FF6E04637CD,?,?,?,?,00007FF6E0435E5C), ref: 00007FF6E0466E5F
• GetProcAddressForCaller.KERNELBASE(?,?,00000000,00007FF6E0467618,?,?,?,?,00007FF6E04637CD,?,?,?,?,00007FF6E0435E5C), ref: 00007FF6E0466E6B
Strings
Memory Dump Source
• Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
• Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: AddressCallerFreeLibraryProc
• String ID: api-ms-$ext-ms-
• API String ID: 3520295827-537541572
• Opcode ID: 6ba786f08f78f7e28089f67b172f1858db9f796f0ca8cce6ba22e415334f518f
• Instruction ID: dfe77bd0ecee08465d480080670b2e14359d7c5de540a2ccb6c4fcb25f999210
• Opcode Fuzzy Hash: 6ba786f08f78f7e28089f67b172f1858db9f796f0ca8cce6ba22e415334f518f
• Instruction Fuzzy Hash: 7F41B2A7B29A43E1FA12DB16EA043652395BF44BD0F444135ED1DCB788EE3EE449834A

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: Resource section is empty$StringFileInfo$There is no resource section in module$Unable to determine product identifier from resources!
                                                                                                                                                                • API String ID: 0-3023212541
                                                                                                                                                                • Opcode ID: 2d2e29025c06a646549f2caa510b9705cebe246cf46ef38af85dc0f69d13b2a3
                                                                                                                                                                • Instruction ID: 4c427c58a366699719dd3a5ffd21cf3da0fd922cc64c5c829e36a0207fcd8150
                                                                                                                                                                • Opcode Fuzzy Hash: 2d2e29025c06a646549f2caa510b9705cebe246cf46ef38af85dc0f69d13b2a3
                                                                                                                                                                • Instruction Fuzzy Hash: 93A1BC73A04B9696D7108B18E4403AAB7A0FB51B74F948326DABD837E4DF39D85AC701

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6E038CAB0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF6E038DF25), ref: 00007FF6E038CB10
                                                                                                                                                                  • Part of subcall function 00007FF6E038CAB0: LeaveCriticalSection.KERNEL32 ref: 00007FF6E038CB51
                                                                                                                                                                • WaitForSingleObject.KERNEL32 ref: 00007FF6E038DFDD
                                                                                                                                                                • CloseHandle.KERNEL32 ref: 00007FF6E038DFFF
                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E038E0E7
                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6E038E13B
                                                                                                                                                                  • Part of subcall function 00007FF6E0418550: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E038E1E4), ref: 00007FF6E04185A7
                                                                                                                                                                  • Part of subcall function 00007FF6E0418550: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E038E1E4), ref: 00007FF6E04185C8
                                                                                                                                                                  • Part of subcall function 00007FF6E0418550: LeaveCriticalSection.KERNEL32 ref: 00007FF6E04185F2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$CriticalLeaveSection_invalid_parameter_noinfo_noreturn$EventObjectSingleWait
                                                                                                                                                                • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                • API String ID: 3909378210-2706815617
                                                                                                                                                                • Opcode ID: ddf7a2c954f341ad42ce7b6e91e2f816d2ffa70e65a5171170a2a96e94807c85
                                                                                                                                                                • Instruction ID: eb4b4bad7e0895f860d1ca2627a001fee84fea2d5b7753f7cfca1ded38de23c7
                                                                                                                                                                • Opcode Fuzzy Hash: ddf7a2c954f341ad42ce7b6e91e2f816d2ffa70e65a5171170a2a96e94807c85
                                                                                                                                                                • Instruction Fuzzy Hash: 0E719C33A09B42E5EB10DF20E4803AC73A5EB54788F501536EB8D87B99DF39D495C349

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6E0418480: InitializeCriticalSection.KERNEL32(?,?,?,?,?,00007FF6E0418590), ref: 00007FF6E04184C1
                                                                                                                                                                  • Part of subcall function 00007FF6E0418480: DeleteCriticalSection.KERNEL32(?,?,?,?,?,00007FF6E0418590), ref: 00007FF6E04184DA
                                                                                                                                                                  • Part of subcall function 00007FF6E0418480: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF6E0418590), ref: 00007FF6E0418537
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E038E1E4), ref: 00007FF6E04185A7
                                                                                                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6E038E1E4), ref: 00007FF6E04185C8
                                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 00007FF6E04185F2
                                                                                                                                                                Strings
                                                                                                                                                                • asw::lifetime::impl::lifetime_creation_monitor_holder::set_created, xrefs: 00007FF6E0418616
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$CloseDeleteEnterEventHandleInitializeLeave
                                                                                                                                                                • String ID: asw::lifetime::impl::lifetime_creation_monitor_holder::set_created
                                                                                                                                                                • API String ID: 3040484998-3605786268
                                                                                                                                                                • Opcode ID: 53f8d3dcd99a1138f11466b3ff8eb99b2b841bd9129ae30f5c6943f120eedb1b
                                                                                                                                                                • Instruction ID: 47b3e16a4566710c0af71617603722387d10ffcc8291a19b7bfe9bdd9e0f8461
                                                                                                                                                                • Opcode Fuzzy Hash: 53f8d3dcd99a1138f11466b3ff8eb99b2b841bd9129ae30f5c6943f120eedb1b
                                                                                                                                                                • Instruction Fuzzy Hash: FF217E23A08A06E2EB00DB24EA543796360FF84790F544535DA5DC3765DF3EE49DC745

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DefaultUser$LocaleName
                                                                                                                                                                • String ID: GetUserDefaultLocaleName
                                                                                                                                                                • API String ID: 1141742295-151340334
                                                                                                                                                                • Opcode ID: 90c7cba616e7bb8189e2da5b995f22248e56dc030d954d7f01c1725267d5df62
                                                                                                                                                                • Instruction ID: fbce78ebd08499d9610ab3e0d5fa059f7214f0ad9f9b57cdf3902a297abe9519
                                                                                                                                                                • Opcode Fuzzy Hash: 90c7cba616e7bb8189e2da5b995f22248e56dc030d954d7f01c1725267d5df62
                                                                                                                                                                • Instruction Fuzzy Hash: 4CF02E23B28243F1EB109B91B7507B92261AF487C0F804036D90E87B45EE3ED84DC78A

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __std_exception_destroy
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2453523683-0
                                                                                                                                                                • Opcode ID: d6ef4d953a2b881a370d9ed52f6ec6a1607e6d6ffbd72dcdd8d42952ae46fdd3
                                                                                                                                                                • Instruction ID: bae372d2f567b2c7631d32c8615455de786e2ada0dbfb4f074e576710ab32c77
                                                                                                                                                                • Opcode Fuzzy Hash: d6ef4d953a2b881a370d9ed52f6ec6a1607e6d6ffbd72dcdd8d42952ae46fdd3
                                                                                                                                                                • Instruction Fuzzy Hash: C541A233A18B42D2EB50DF15E98432AB3A4FB58B90F158136DA5D837A0DF3EE849C745

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 73155330-0

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Concurrency::cancel_current_task
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 118556049-0

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 485612231-0

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle_invalid_parameter_noinfo_noreturn
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3151167499-0

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                APIs
                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,00000000,00007FF6E046668A,?,?,?,00007FF6E044A685,?,?,?,?,00007FF6E04668A8), ref: 00007FF6E0466A95
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                APIs
                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF6E046BEB5,?,?,00000000,00007FF6E04657CF,?,?,?,00007FF6E046514B,?,?,?,00007FF6E0465041), ref: 00007FF6E0466852
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2591520935-0
                                                                                                                                                                • Opcode ID: f38bbda603b4834224f6850d1545fd6aa1889f6767e608151c8adbf0f10175d2
                                                                                                                                                                • Instruction ID: aa93f2ee4e901580afc202102f4cac70f2a2a292126446f2eeb509c59c471abc
                                                                                                                                                                • Opcode Fuzzy Hash: f38bbda603b4834224f6850d1545fd6aa1889f6767e608151c8adbf0f10175d2
                                                                                                                                                                • Instruction Fuzzy Hash: 9E717E63B19602E5FB629BA0DA503B823A0BF44744F884135CE4D937D5EF3EE849C35A
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                                                • Opcode ID: 6802b58a4b88bc95406801cc78ab0eab3494cf3b6d1d8d3db5c9e8cec99407aa
                                                                                                                                                                • Instruction ID: 2cc6b60292b9cfed68e3d1b66a8e29e88c2359e96dfedbbb4b309c181ed508c0
                                                                                                                                                                • Opcode Fuzzy Hash: 6802b58a4b88bc95406801cc78ab0eab3494cf3b6d1d8d3db5c9e8cec99407aa
                                                                                                                                                                • Instruction Fuzzy Hash: 86316B73609A82E6EB608F60E9403E97360FB88744F40443ADA4E87B89EF3DD548C715
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                • Opcode ID: 716f2138d73c859cabbe22bbdaace8b1bae49b1abca59869777676361969f9e5
                                                                                                                                                                • Instruction ID: 08bccbde8775414185ba95777232f3d5c748d954d26605c6e60190fc1f42f6d1
                                                                                                                                                                • Opcode Fuzzy Hash: 716f2138d73c859cabbe22bbdaace8b1bae49b1abca59869777676361969f9e5
                                                                                                                                                                • Instruction Fuzzy Hash: 66316E33608B82E6DB608F25E9403AE73A0FB88794F500139EA9D83B59DF3DD549CB05
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: memcpy_s
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1502251526-3916222277
                                                                                                                                                                • Opcode ID: d133ae0a0a2f81e79a54817ba04a6e4faade133bffc2a94f57c38f3159a9fc72
                                                                                                                                                                • Instruction ID: d86cd6f18441c9b96ab3e2c43530613cdeeeed2e783f7cd0b8575ff2db0726ec
                                                                                                                                                                • Opcode Fuzzy Hash: d133ae0a0a2f81e79a54817ba04a6e4faade133bffc2a94f57c38f3159a9fc72
                                                                                                                                                                • Instruction Fuzzy Hash: 7DC1C3B7A19686D7E724CF15E248B6AB792F784788F048135DB4A83B54DF3DE809CB04
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                • String ID: GetLocaleInfoEx
                                                                                                                                                                • API String ID: 2299586839-2904428671
                                                                                                                                                                • Opcode ID: 3dcb83835e48f66fe312620b4e6bf48166246bb62ff3c5e86e4a1659ee46978c
                                                                                                                                                                • Instruction ID: 28de4929afe6e1658d4601ce70cc52d4fe6a408bcca4827f51afea94c17e7bea
                                                                                                                                                                • Opcode Fuzzy Hash: 3dcb83835e48f66fe312620b4e6bf48166246bb62ff3c5e86e4a1659ee46978c
                                                                                                                                                                • Instruction Fuzzy Hash: E101DB23B18B42E5E7049F46B6002AAB760FF84BC0F984036DE4E93B59DE3DD5498785
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6E04664B0: GetLastError.KERNEL32 ref: 00007FF6E04664BF
                                                                                                                                                                  • Part of subcall function 00007FF6E04664B0: FlsGetValue.KERNEL32 ref: 00007FF6E04664D4
                                                                                                                                                                  • Part of subcall function 00007FF6E04664B0: SetLastError.KERNEL32 ref: 00007FF6E046655F
                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6E0470127,?,00000000,00000092,?,?,00000000,?,00007FF6E045E999), ref: 00007FF6E046F9D6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3029459697-0
                                                                                                                                                                • Opcode ID: 6645dced9cbc372b7654aa07e850c22e3111017be7032cf255f7353e7ac78351
                                                                                                                                                                • Instruction ID: 8bd2eb58d3d0829dce954abe5990b2814dfec28a1d45aeeed0d641f196b6b6e8
                                                                                                                                                                • Opcode Fuzzy Hash: 6645dced9cbc372b7654aa07e850c22e3111017be7032cf255f7353e7ac78351
                                                                                                                                                                • Instruction Fuzzy Hash: 8411E7A3A28645EAEB158F15E1407BC77A1FB80FA0F448135C6AD933C4EE39D5D9C741
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6E04664B0: GetLastError.KERNEL32 ref: 00007FF6E04664BF
                                                                                                                                                                  • Part of subcall function 00007FF6E04664B0: FlsGetValue.KERNEL32 ref: 00007FF6E04664D4
                                                                                                                                                                  • Part of subcall function 00007FF6E04664B0: SetLastError.KERNEL32 ref: 00007FF6E046655F
                                                                                                                                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6E04700E3,?,00000000,00000092,?,?,00000000,?,00007FF6E045E999), ref: 00007FF6E046FA86
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystemValue
• String ID:
APIs
• EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF6E046710F,?,?,?,?,?,?,?,?,00000000,00007FF6E046EF78), ref: 00007FF6E0466CB3
Similarity
• API ID: EnumLocalesSystem
• String ID:
Similarity
• API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
• String ID: bad locale name$false$true
Similarity
• API ID: _invalid_parameter_noinfo_noreturn
• String ID: Argument not found.$Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.$integral cannot be stored in char
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocale_invalid_parameter_noinfo_noreturnstd::locale::_
• String ID: integral cannot be stored in wchar_t
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocale_invalid_parameter_noinfo_noreturnstd::locale::_
• String ID: integral cannot be stored in char
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: 0$f$p$p
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                • String ID: bad locale name$false$true
                                                                                                                                                                • API String ID: 3230409043-1062449267
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                • String ID: f$p$p
                                                                                                                                                                • API String ID: 3215553584-1995029353
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E0447496,?,?,?,00007FF6E0447150,?,?,?,00007FF6E043BD79), ref: 00007FF6E0447269
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6E0447496,?,?,?,00007FF6E0447150,?,?,?,00007FF6E043BD79), ref: 00007FF6E0447277
                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6E0447496,?,?,?,00007FF6E0447150,?,?,?,00007FF6E043BD79), ref: 00007FF6E04472A1
                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF6E0447496,?,?,?,00007FF6E0447150,?,?,?,00007FF6E043BD79), ref: 00007FF6E044730F
                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF6E0447496,?,?,?,00007FF6E0447150,?,?,?,00007FF6E043BD79), ref: 00007FF6E044731B
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_FeaturePresentProcessorRegister
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 377724206-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6E044A685,?,?,?,?,00007FF6E04668A8), ref: 00007FF6E0466637
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E044A685,?,?,?,?,00007FF6E04668A8), ref: 00007FF6E046666D
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E044A685,?,?,?,?,00007FF6E04668A8), ref: 00007FF6E046669A
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E044A685,?,?,?,?,00007FF6E04668A8), ref: 00007FF6E04666AB
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E044A685,?,?,?,?,00007FF6E04668A8), ref: 00007FF6E04666BC
                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF6E044A685,?,?,?,?,00007FF6E04668A8), ref: 00007FF6E04666D7
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide$__std_exception_copy
                                                                                                                                                                • String ID: to_narrow<wchar_t> invalid arguments$to_narrow<wchar_t>::WideCharToMultiByte
                                                                                                                                                                • API String ID: 2551222438-1534530176
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                APIs
                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF6E044868F,?,?,00000000,00007FF6E044892A,?,?,?,?,?,00007FF6E04488B6), ref: 00007FF6E046670F
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E044868F,?,?,00000000,00007FF6E044892A,?,?,?,?,?,00007FF6E04488B6), ref: 00007FF6E046672E
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E044868F,?,?,00000000,00007FF6E044892A,?,?,?,?,?,00007FF6E04488B6), ref: 00007FF6E0466756
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E044868F,?,?,00000000,00007FF6E044892A,?,?,?,?,?,00007FF6E04488B6), ref: 00007FF6E0466767
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF6E044868F,?,?,00000000,00007FF6E044892A,?,?,?,?,?,00007FF6E04488B6), ref: 00007FF6E0466778
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6E042764F
                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FF6E042765F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                                                                • String ID: onexit_register_connector_avast_2$onexit_register_connector_avast_2 export not found
                                                                                                                                                                • API String ID: 1646373207-2937613418
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,?,00007FF6E0462F30), ref: 00007FF6E04630B3
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,?,00007FF6E0462F30), ref: 00007FF6E046313D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 953036326-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6E0418480: InitializeCriticalSection.KERNEL32(?,?,?,?,?,00007FF6E0418590), ref: 00007FF6E04184C1
                                                                                                                                                                  • Part of subcall function 00007FF6E0418480: DeleteCriticalSection.KERNEL32(?,?,?,?,?,00007FF6E0418590), ref: 00007FF6E04184DA
                                                                                                                                                                  • Part of subcall function 00007FF6E0418480: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF6E0418590), ref: 00007FF6E0418537
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF6E038DF25), ref: 00007FF6E038CB10
                                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 00007FF6E038CB51
                                                                                                                                                                • CreateEventW.KERNEL32(?,?,?,?,?,?,?,00007FF6E038DF25), ref: 00007FF6E038CB85
                                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 00007FF6E038CB9F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$CloseCreateDeleteEnterEventHandleInitialize
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3435541109-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide__std_exception_copy__std_exception_destroy
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 215045438-0
                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2960854011-0
                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                APIs
                                                                                                                                                                • __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF6E039ED3B
                                                                                                                                                                  • Part of subcall function 00007FF6E0436638: MultiByteToWideChar.KERNEL32 ref: 00007FF6E0436654
                                                                                                                                                                  • Part of subcall function 00007FF6E0436638: GetLastError.KERNEL32 ref: 00007FF6E0436662
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharErrorLastMultiWide__std_fs_convert_narrow_to_wide
                                                                                                                                                                • String ID: \u{$\x{
                                                                                                                                                                • API String ID: 1033888727-3325273574
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitInitializeOnce$BeginCompleteCriticalSection
                                                                                                                                                                • String ID: Singleton already destroyed
                                                                                                                                                                • API String ID: 1264858881-257684709
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileFindHeaderInstanceTargetType
                                                                                                                                                                • String ID: Bad dynamic_cast!
                                                                                                                                                                • API String ID: 746355257-2956939130
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                • String ID: U
                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
                                                                                                                                                                • String ID: bad locale name
                                                                                                                                                                • API String ID: 1838369231-1405518554
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                • String ID: string too long
                                                                                                                                                                • API String ID: 73155330-2556327735
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.3642629834.00007FF6E0381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6E0380000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.3642575756.00007FF6E0380000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642772771.00007FF6E0496000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642856945.00007FF6E04FB000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642907626.00007FF6E04FE000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642942379.00007FF6E0500000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.3642999216.00007FF6E0506000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6e0380000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 2573137834-1018135373

                                                                                                                                                                Execution Graph

                                                                                                                                                                Execution Coverage:8.6%
                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                Total number of Nodes:12
                                                                                                                                                                Total number of Limit Nodes:0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Binding$String$AttributesComposeFileFrom
                                                                                                                                                                • String ID: $"$0$244E$661B$?$D$O$`
                                                                                                                                                                • API String ID: 1235539162-1856272449
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$ClassCountHandleInfoMemoryPriority
                                                                                                                                                                • String ID: 9752$9752$F988$F988$uwm
                                                                                                                                                                • API String ID: 1229753118-4136195788

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                • String ID: #$&$C33A$C33A$EC0E$EC0E
                                                                                                                                                                • API String ID: 2340568224-980085503

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 1245 7ff717b0c8d0-7ff717b0ca6c call 7ff717ae3a00 call 7ff717ad7a00 call 7ff717b107f0 1257 7ff717b0ca70-7ff717b0ca8e call 7ff717b14ef0 call 7ff717b14a30 1245->1257 1262 7ff717b0cdac-7ff717b0cdb4 1257->1262 1263 7ff717b0ca94-7ff717b0ca9c 1257->1263 1265 7ff717b0cdd5-7ff717b0cded 1262->1265 1266 7ff717b0cdb6-7ff717b0cdc0 call 7ff717b0e130 1262->1266 1263->1262 1264 7ff717b0caa2-7ff717b0cab4 GetPriorityClass 1263->1264 1264->1262 1272 7ff717b0caba-7ff717b0cabf 1264->1272 1265->1257 1271 7ff717b0cdf3-7ff717b0cdf7 1265->1271 1268 7ff717b0cdc5-7ff717b0cdce 1266->1268 1268->1265 1273 7ff717b0ce00-7ff717b0ce20 1271->1273 1272->1262 1274 7ff717b0cac5-7ff717b0caf9 call 7ff717b0a260 1272->1274 1278 7ff717b0ce22-7ff717b0ce5b 1273->1278 1281 7ff717b0cafb 1274->1281 1282 7ff717b0cb00-7ff717b0cb0b 1274->1282 1283 7ff717b0cda4 1281->1283 1286 7ff717b0cd9b-7ff717b0cd9e CloseHandle 1282->1286 1287 7ff717b0cb11-7ff717b0cb1b call 7ff717b0f640 1282->1287 1283->1262 1286->1283 1287->1286 1290 7ff717b0cb21-7ff717b0cb70 1287->1290 1290->1286 1292 7ff717b0cb76-7ff717b0cb81 1290->1292 1293 7ff717b0cb87-7ff717b0cb90 1292->1293 1294 7ff717b0cd96 1292->1294 1295 7ff717b0cd2a-7ff717b0cd33 1293->1295 1296 7ff717b0cb96 1293->1296 1294->1286 1297 7ff717b0cd8e 1295->1297 1298 7ff717b0cd35-7ff717b0cd45 1295->1298 1299 7ff717b0cba0-7ff717b0cbc0 1296->1299 1297->1294 1298->1297 1302 7ff717b0cd47-7ff717b0cd7b 1298->1302 1303 7ff717b0cbc2-7ff717b0cbd9 1299->1303 1302->1297 1310 7ff717b0cd7d-7ff717b0cd87 1302->1310 1304 7ff717b0cbdf-7ff717b0cbe1 1303->1304 1305 7ff717b0cd20 1303->1305 1304->1295 1306 7ff717b0cbe7-7ff717b0cc62 call 7ff717ad6c90 1304->1306 1307 7ff717b0cd23 1305->1307 1312 7ff717b0cc99-7ff717b0cca4 1306->1312 1313 7ff717b0cc64-7ff717b0cc98 1306->1313 1307->1295 1310->1297 1314 7ff717b0cce3-7ff717b0cd1e call 
7ff717b0d5b0 1312->1314 1315 7ff717b0cca6-7ff717b0ccb3 1312->1315 1313->1312 1314->1307 1315->1314 1317 7ff717b0ccb5-7ff717b0ccd1 1315->1317 1317->1314 1321 7ff717b0ccd3-7ff717b0ccd9 1317->1321 1321->1314
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Times$ClassControlDevicePriorityProcessSystem
                                                                                                                                                                • String ID: 9752$F988$H$h
                                                                                                                                                                • API String ID: 3814306040-1294379403
                                                                                                                                                                • Opcode ID: 8a6cf8b4d579bf8b1f6ea973ba1418f50bb40766ff33e28be98a45ae8f18b40e
                                                                                                                                                                • Instruction ID: 70feb31c3cd6e997fe8bce9e9c5351fd111743320fe43772b744d40545180877
                                                                                                                                                                • Opcode Fuzzy Hash: 8a6cf8b4d579bf8b1f6ea973ba1418f50bb40766ff33e28be98a45ae8f18b40e
                                                                                                                                                                • Instruction Fuzzy Hash: 44E14232A18BC986E771EF25E8407EAB3A0FB89750F844235DA8D43A55DF3CD54ACB50

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process
                                                                                                                                                                • String ID: 53B2$CBAC$S
                                                                                                                                                                • API String ID: 1235230986-1140953925
                                                                                                                                                                • Opcode ID: 7185504d4faebef45b64c6b9967c49626854bde029097b5f4f472be3aa3241e1
                                                                                                                                                                • Instruction ID: c8913e09035446eec0db13d4c75e384e1361fb3a68a79a9901a2d8b183e66dea
                                                                                                                                                                • Opcode Fuzzy Hash: 7185504d4faebef45b64c6b9967c49626854bde029097b5f4f472be3aa3241e1
                                                                                                                                                                • Instruction Fuzzy Hash: 1AE1C472A18E858AE720EF34D8416EDB370FB95354F805236EA4D47A56DF3CE68AC710

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFile$ControlDeviceDuplicateFullHandleImageInfoNameNativeProcessQuerySystem
                                                                                                                                                                • String ID: J
                                                                                                                                                                • API String ID: 1311320497-1141589763
                                                                                                                                                                • Opcode ID: cb5d3dce250969bf8204c019681d2ebab97357f6a9e08cc7bd094ef9a2339d1f
                                                                                                                                                                • Instruction ID: efad3a5218bb5f5b4f3e9013c5fa6b307eeff5004119c26ee96c5b6685e32bf7
                                                                                                                                                                • Opcode Fuzzy Hash: cb5d3dce250969bf8204c019681d2ebab97357f6a9e08cc7bd094ef9a2339d1f
                                                                                                                                                                • Instruction Fuzzy Hash: 5CC15A72B08B4586E720EF61E5402ADB3B5FB54B98F804236DE8D53BA9DF38D45AC350

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Call3CheckClientDebuggerPresentRemote
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2048048575-0
                                                                                                                                                                • Opcode ID: 6cc663868b306240c9ecff04835cbdf2d454a7deeee0195fc9972421a0afc97a
                                                                                                                                                                • Instruction ID: 684504fd0c636ecfb2a3a7f5ccf7c4cefd07bfb308f5a3d60458d81aa4ed56a3
                                                                                                                                                                • Opcode Fuzzy Hash: 6cc663868b306240c9ecff04835cbdf2d454a7deeee0195fc9972421a0afc97a
                                                                                                                                                                • Instruction Fuzzy Hash: C0415071B0CA4682E760AF25E8442B9B7A1FB44BA0F844235EA9D42696DF7DD44EC720

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFile$ControlDevice
                                                                                                                                                                • String ID: $)
                                                                                                                                                                • API String ID: 162686456-1951852088
                                                                                                                                                                • Opcode ID: 034dcf241a7ab3c070d316dce90d8ea445c844f89991f85fa0c55da49cf997f2
                                                                                                                                                                • Instruction ID: 9a114df17402471ed3257e369c21273efd5131aae766023e5a7cf9c374263f6f
                                                                                                                                                                • Opcode Fuzzy Hash: 034dcf241a7ab3c070d316dce90d8ea445c844f89991f85fa0c55da49cf997f2
                                                                                                                                                                • Instruction Fuzzy Hash: D3D13932608FC685E770AB10F8443ABB3A1FB85755F805235C6CD42A9AEF7DD58ACB10

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                                                • String ID: C33A$EC0E
                                                                                                                                                                • API String ID: 544645111-1685882954
                                                                                                                                                                • Opcode ID: d6c0857613dff227256179e1a177b90fc0acd195fb64f918d85e80973fee38cb
                                                                                                                                                                • Instruction ID: f7864fa3a523d6d8e29bfcb9db57309ade7af09444699581c62a034246707d43
                                                                                                                                                                • Opcode Fuzzy Hash: d6c0857613dff227256179e1a177b90fc0acd195fb64f918d85e80973fee38cb
                                                                                                                                                                • Instruction Fuzzy Hash: 56514B32A04F498AE750DF34D8407A973B0FB58B58F844236EA4E53B59DF38D59AC750

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                • String ID: 244E$661B
                                                                                                                                                                • API String ID: 3188754299-2073570166
                                                                                                                                                                • Opcode ID: 99849e741f600dd98f20d04fd41fd4b1f7122326241364f7fc57bc8a94b08bcb
                                                                                                                                                                • Instruction ID: 26639b161fb94aa82d745f41f31d07a5cbccb4d85e1e92561bc8e6aba4533bbf
                                                                                                                                                                • Opcode Fuzzy Hash: 99849e741f600dd98f20d04fd41fd4b1f7122326241364f7fc57bc8a94b08bcb
                                                                                                                                                                • Instruction Fuzzy Hash: 2641C272A18E4585EB20EF24E4407BEA370FF947A4F901235E98D47A96DF3CD14ACB10

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ControlDevice
                                                                                                                                                                • String ID: X
                                                                                                                                                                • API String ID: 2352790924-3081909835
                                                                                                                                                                • Opcode ID: 21dee721f01871c4c272bfec4b788d61ef22f7945d3aecd34124866ac1238a82
                                                                                                                                                                • Instruction ID: d75cf83b0a42b223c6585b9f0ba67afea38a5ec5135f748174b41983731cada0
                                                                                                                                                                • Opcode Fuzzy Hash: 21dee721f01871c4c272bfec4b788d61ef22f7945d3aecd34124866ac1238a82
                                                                                                                                                                • Instruction Fuzzy Hash: 12218E32A18F8982E7609F24E48432AB3B5F788B68F509335DA9C03759DF78D495CB40

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 1788 7ff717b14ef0-7ff717b14f35 GetSystemTimes 1790 7ff717b14f37-7ff717b14f5c GetProcessTimes 1788->1790 1791 7ff717b14fb2-7ff717b14fcc 1788->1791 1790->1791 1792 7ff717b14f5e-7ff717b14f68 1790->1792 1792->1791 1793 7ff717b14f6a-7ff717b14faf 1792->1793 1793->1791
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000002.3643515353.00007FF717AD1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF717AD0000, based on PE: true
                                                                                                                                                                • Associated: 00000004.00000002.3643451767.00007FF717AD0000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_2_7ff717ad0000_Instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Times$ProcessSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1036515374-0
                                                                                                                                                                • Opcode ID: 66cecbe7ac77dce94178bef66cb2ba20c305c3f0119169db30df365a9cf724d1
                                                                                                                                                                • Instruction ID: dc01831606480bf2e75c2951d3f6c4eb5700bbec731645d3ab912d286fac5c62
                                                                                                                                                                • Opcode Fuzzy Hash: 66cecbe7ac77dce94178bef66cb2ba20c305c3f0119169db30df365a9cf724d1
                                                                                                                                                                • Instruction Fuzzy Hash: D4210C32618F8982EB509F24E44016EB3B5FB98B98F505226EBCD43729EF78D599C740
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Time$CriticalFileSection$HeapProcess$LeaveSystemValue$CurrentEnterFreeInstupLocal$AllocCommandErrorInformationLastLine__std_exception_destroy$AddressAttributesCleanupConnectedExceptionHandleHeaderInitInternetMappedModuleNameProcRaiseState_invalid_parameter_noinfo_noreturn
                                                                                                                                                                • String ID: --logpath "$ --send dumps|report --path "$ --version $($--product 5$--product 70$6EC6$6EC6$6EC6$7$9792$9792$9792$Bugreport was not called because community is disabled.$Cannot initialize Instup, return code {}$END: Avast installer/updater, return code {}$Error in Instup cleanup, return code {}$Error returned by Instup, return code {}$GetModuleHandleW ({})$GetProcAddress ({})$Logs$START: Avast installer/updater$SetProcessDPIAware$Setup has crashed. The dump was sent.$Unable to determine legacy product enumeration from product identifier!$X$\Logs\Clear.log$\Logs\Setup.log$\Logs\Update.log$asw::settings::SettingsConfig::StorePathDef$asw::settings::SettingsConfig::StorePathIni$avast! Self-Defense trust was not acquired. Code {}$avast! Self-Defense trust was successfully acquired.$avcfg://settings/Common/PropertyCommunity$clear$config.def$ctx$debug$sfx$sfxstorage$user32${}.{}.{}.{}
                                                                                                                                                                • API String ID: 3599941551-1329754222
                                                                                                                                                                • Opcode ID: ba9b3ae070940a18695fcb7283856d4c15fe87f3c13aebf2ef1496223da41ca2
                                                                                                                                                                • Instruction ID: aa130b00147346ca8c595801612c6f61b0807eb8e855168100dd54bc93852f5e
                                                                                                                                                                • Opcode Fuzzy Hash: ba9b3ae070940a18695fcb7283856d4c15fe87f3c13aebf2ef1496223da41ca2
                                                                                                                                                                • Instruction Fuzzy Hash: 76139172A18B8699EB20CF78D8502ED33A4FB55749F505135EB4D87BA9EF38E684C340
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Process$CountEnterLeaveThread$ConditionCurrentMaskTick$InfoOpenPriority$ClassHandleMemoryTimesVerifyVersion__std_exception_destroy
                                                                                                                                                                • String ID: 9752$9752$F988$F988$Handle count is {}, expected maximum is {} !$Thread count is {}, expected maximum is {} !$Thread count is {}, expected maximum is {}, but count of thread pool idle workers is {}, not dumping!$deadlock suspected$excessive handle count$excessive memory usage$excessive thread count$high CPU usage$suspected GUI thread hang$uwm
                                                                                                                                                                • API String ID: 2968722256-2316650529
                                                                                                                                                                • Opcode ID: 37e2ba4522cc724e8cb0e2472592187bbbfe4d5e89250f8888f8ebc70c535a95
                                                                                                                                                                • Instruction ID: fe73b3f05e6a7200a698464ff3116fd3ac0810daaa7574f14ef81ed547542cb2
                                                                                                                                                                • Opcode Fuzzy Hash: 37e2ba4522cc724e8cb0e2472592187bbbfe4d5e89250f8888f8ebc70c535a95
                                                                                                                                                                • Instruction Fuzzy Hash: C7C28A32A09B858AEB60CF29D8403AD37A9FB59B59F444136EB4D877A4DF7CD584C380
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __std_exception_destroy$BindingString$AttributesComposeFileFreeFrom_invalid_parameter_noinfo_noreturn
                                                                                                                                                                • String ID: $"$0$244E$661B$?$Attempting to install crashguard twice, ignored.$AvDumper$CrashGuard initialized successfully, external debugger attached$CrashGuard initialized successfully, only internal dumping available$CrashGuardProcessWatcherExclusions$D$Dump path '$Failed to install crash hooks$O$Release$`$avcfg://settings/CrashGuard/FullDumpFraction$avdef://config/Common/FullDumpFraction$avdef://config/Common/VersionType$ncalrpc$python.exe;pythonw.exe;
                                                                                                                                                                • API String ID: 1250493283-4266751090
                                                                                                                                                                • Opcode ID: 3ccc713052f3b8924238d74ccb15f5c435dc4a0e10d424e6d9166e13720ef90c
                                                                                                                                                                • Instruction ID: 7c53ac917a92864eaf0764f16a32f993303bfa1b8e5f8b45057515c1a1153f8a
                                                                                                                                                                • Opcode Fuzzy Hash: 3ccc713052f3b8924238d74ccb15f5c435dc4a0e10d424e6d9166e13720ef90c
                                                                                                                                                                • Instruction Fuzzy Hash: EFB26E72A19BC581E730CB68E4903EAB3A4FB95745F504236E78D83AA9DF7CD584CB40

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Heap$HandleModuleProcess$CriticalSection$AddressAllocEnterProc$CurrentErrorExceptionFreeHandlerLeaveModeQueryRevertSelfThreadVectoredVirtual
                                                                                                                                                                • String ID: #$&$Already running$C33A$C33A$CtrlRoutine$EC0E$EC0E$Failed to install global crashhandler.$Failed to install vectored handler.$Warning: Relocated kernel32 detected.$Warning: STATUS_CALLBACK_RETURNED_WHILE_IMPERSONATING exception was dispatched.$Warning: STATUS_THREADPOOL_HANDLE_EXCEPTION exception was dispatched.$asw::crashguard::ProcessWatcher::Singleton::v1$combase.dll$kernel32.dll$ole32.dll
                                                                                                                                                                • API String ID: 3202747469-1461470364
                                                                                                                                                                • Opcode ID: c69dd6e5c52a93f6036b2c76fc0be4b90795fb7c33ff4cdbc6929f6695f972c7
                                                                                                                                                                • Instruction ID: e97f82e3835ad220e983ec3c76d7bed0e7d9c91cdca54d88681c89e6fde8710c
                                                                                                                                                                • Opcode Fuzzy Hash: c69dd6e5c52a93f6036b2c76fc0be4b90795fb7c33ff4cdbc6929f6695f972c7
                                                                                                                                                                • Instruction Fuzzy Hash: 35229E32A09B468AEB50CFA9D9502AD33B4FB58B89F048136EB4D97768DF7CE444C740

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Thread$ConditionCurrentMaskOpen$CountInfoMessagePeekPriorityProcessTickTimesToken$ClassControlDeviceErrorHandleImpersonateLastModuleObjectSelfSingleSystemVerifyVersionWait
                                                                                                                                                                • String ID: 9752$Detected a hang in GUI thread through IsHungAppWindow+SendMessageCallback. Attempting to dump process...$F988$H$Process monitoring installed.$SeDebugPrivilege$h$suspected GUI thread hang$verifier.dll
                                                                                                                                                                • API String ID: 2528360860-923074097
                                                                                                                                                                • Opcode ID: a9f8f78cef3f9a625abc0864832c287266e4193955b3149f551101fd9a0f9009
                                                                                                                                                                • Instruction ID: c27939be8dc8c08fb436e3204a59e73ef7b82609e5abad925a6d1969d6d51adb
                                                                                                                                                                • Opcode Fuzzy Hash: a9f8f78cef3f9a625abc0864832c287266e4193955b3149f551101fd9a0f9009
                                                                                                                                                                • Instruction Fuzzy Hash: CDE17F32A19BC586E760CF69E8507EAB3A4FB99740F048135DB8D93A64DF7CE485CB40

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ObjectPaint$Window$Select$Begin$LongStock$CreateMessageRectSectionSend$AlignClientClipCompatibleCriticalDeleteLayoutLeaveModeParentPointsRestoreSaveTextViewport
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 401802432-3916222277
                                                                                                                                                                • Opcode ID: 6004a42873f8cb555a85f64104463dfc5256ab30a64cb7ac3c359c44df90801d
                                                                                                                                                                • Instruction ID: daab5692e52815bad98061989bf354eb90f34dc50d9ce52b368e8fe6a1d242af
                                                                                                                                                                • Opcode Fuzzy Hash: 6004a42873f8cb555a85f64104463dfc5256ab30a64cb7ac3c359c44df90801d
                                                                                                                                                                • Instruction Fuzzy Hash: 00224A32B18AC58ADB20CF34D8A07ED7361FB84758F404236DA6D5BBA8DF389645D709

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$CurrentEnvironmentErrorHandleLastModuleProgressShutdownVariable
                                                                                                                                                                • String ID: 53B2$CBAC$Could not access environment variables, crash handler will be installed anyway.$Crash handler installed multiple times from this binary, ignoring additional install request$Crash handler installed successfully process-wide from module $Crash handler is already resident in this process. Enabling only manual dumping from this binary.$CrashHandlerInstalled-$Installing crashguard from DLL instead of executable. Crashes in global destruction cannot be handled.$S
                                                                                                                                                                • API String ID: 3779136858-54611380
                                                                                                                                                                • Opcode ID: f4727d8ab8da766a871a15cdc47c88274a5172c84046d0e02c09fba63bde16bd
                                                                                                                                                                • Instruction ID: 4634172a03137cdecf372a1d301c0532304d77f466b8c889a6a7b290bbf900c3
                                                                                                                                                                • Opcode Fuzzy Hash: f4727d8ab8da766a871a15cdc47c88274a5172c84046d0e02c09fba63bde16bd
                                                                                                                                                                • Instruction Fuzzy Hash: DCE1A373E29A828AE720DF78D8502E96360FBA5744F505236EB4D876A5EF7CE640C740

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$Token$AllocateCheckCloseDuplicateHandleInitializeMembership
                                                                                                                                                                • String ID: AllocateAndInitializeSid$Unable to check token membership!$Unable to duplicate the access token!$Unable to open current thread token!$Unable to open default process token!$Unable to retrieve the size of user SID!$Unable to retrieve the user SID!
                                                                                                                                                                • API String ID: 2359238992-3829580448
                                                                                                                                                                • Opcode ID: 6f4660f8193a49392e81922c41ac8b6abc89f3841ef3f8cb118bd0c4b0a5811b
                                                                                                                                                                • Instruction ID: 67635842540f97b9961a1f187e84fb24e85eb8ccfa3ab3a3378b1d9a2246748b
                                                                                                                                                                • Opcode Fuzzy Hash: 6f4660f8193a49392e81922c41ac8b6abc89f3841ef3f8cb118bd0c4b0a5811b
                                                                                                                                                                • Instruction Fuzzy Hash: 56512732B08B429AEB10CFA9D8A02ED73B5FB94748B404536DB4D93A78DF78D659C740
                                                                                                                                                                APIs
                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6BF12A5A3), ref: 00007FF6BF128776
                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6BF12A5A3), ref: 00007FF6BF1289D4
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 00007FF6BF128B0E
                                                                                                                                                                • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6BF12A5A3), ref: 00007FF6BF128C80
                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6BF12A5A3), ref: 00007FF6BF12917C
                                                                                                                                                                • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6BF12A5A3), ref: 00007FF6BF1293F7
                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6BF12A5A3), ref: 00007FF6BF129B7F
                                                                                                                                                                • CryptAcquireContextW.ADVAPI32 ref: 00007FF6BF12A08B
                                                                                                                                                                • CryptGenRandom.ADVAPI32 ref: 00007FF6BF12A0B3
                                                                                                                                                                • CryptReleaseContext.ADVAPI32 ref: 00007FF6BF12A32F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Crypt$ContextCurrentSystemTime$AcquireCounterDiskFileFreeGlobalMemoryPerformanceProcessQueryRandomReleaseSpaceStatusThreadTimes
                                                                                                                                                                • String ID: @$Microsoft Base Cryptographic Provider v1.0
                                                                                                                                                                • API String ID: 1216455848-3036034798
                                                                                                                                                                • Opcode ID: c2046da14e8c19e13add52f413bf2747616c9d0eda031075b714ba07e7d1d683
                                                                                                                                                                • Instruction ID: 7149ad82ea9b7701da373b50dcad7bfb34c08845209dbe3b231ddf22b682da06
                                                                                                                                                                • Opcode Fuzzy Hash: c2046da14e8c19e13add52f413bf2747616c9d0eda031075b714ba07e7d1d683
                                                                                                                                                                • Instruction Fuzzy Hash: 32133FB36186828BDB548F6CE49027E77B0F796344F94053AE389C7699EF6ED905CB00

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                • String ID: >$Cannot query registry data due to '{}' value changed too often$Cannot query registry value data$Cannot query registry value size
                                                                                                                                                                • API String ID: 3660427363-3204420311
                                                                                                                                                                • Opcode ID: 6d136b01cce9800be6e8d79f3ccf541c9cbc723579d2ee259b352fe82f09bb16
                                                                                                                                                                • Instruction ID: ee1335d1ce759bb53787fc8e3b71caf6c5918f122bf343bfb33c6b6ff5c3ae6e
                                                                                                                                                                • Opcode Fuzzy Hash: 6d136b01cce9800be6e8d79f3ccf541c9cbc723579d2ee259b352fe82f09bb16
                                                                                                                                                                • Instruction Fuzzy Hash: 99328232B08B9199E710CFA9E4402EE77B4FB98788F504525EF8C97A69DF38E585C740

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Cpp_errorThrow_std::_$Thread$AddressCurrentErrorEventExitHandleLastModuleProc
                                                                                                                                                                • String ID: Already running$IsRunningInsideAvastService
                                                                                                                                                                • API String ID: 3407786692-28184766
                                                                                                                                                                • Opcode ID: 8458401d02601788d8c762a9a1d1d410a71bd0bff7e8a2934f187a98dbe125bd
                                                                                                                                                                • Instruction ID: 91ea88db524066e3eec5d2479548b96d2308df72f16fbfb0101affd9ef254c6f
                                                                                                                                                                • Opcode Fuzzy Hash: 8458401d02601788d8c762a9a1d1d410a71bd0bff7e8a2934f187a98dbe125bd
                                                                                                                                                                • Instruction Fuzzy Hash: C181C63291978682E720DF69E4512BAB3A4FFA8780F548135E78D837A5DF7CE580C740

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProtectVirtual$AddressExceptionFilterHandleModuleProcUnhandled__std_exception_destroy
                                                                                                                                                                • String ID: C33A$Call to InstallGlobalHandler while being already installed.$EC0E$Kernel32.dll$SetUnhandledExceptionFilter
                                                                                                                                                                • API String ID: 2217734308-3094406088
                                                                                                                                                                • Opcode ID: 9aa5bc43c5ca61680017a8d9ff079830b59192f3c83aeeeda568252fb3237468
                                                                                                                                                                • Instruction ID: 9fa5f0330a1073fdc4896fbfcbd2c6df4bbd3e46ac4553b6dc9902167844c923
                                                                                                                                                                • Opcode Fuzzy Hash: 9aa5bc43c5ca61680017a8d9ff079830b59192f3c83aeeeda568252fb3237468
                                                                                                                                                                • Instruction Fuzzy Hash: E6513672A09B458AE750CFB8D9502A833A4FB58B88F444136EB0D97B68DF7CE594C780
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BEFF773C), ref: 00007FF6BF10BCCB
                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BEFF773C), ref: 00007FF6BF10BCDB
                                                                                                                                                                  • Part of subcall function 00007FF6BF17B9F0: AcquireSRWLockExclusive.KERNEL32(?,?,00000169F54C60B0,00007FF6BEFC7D2C), ref: 00007FF6BF17BA00
                                                                                                                                                                  • Part of subcall function 00007FF6BF17B9F0: ReleaseSRWLockExclusive.KERNEL32(?,?,00000169F54C60B0,00007FF6BEFC7D2C), ref: 00007FF6BF17BA40
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 00007FF6BF10BD18
                                                                                                                                                                • NtQueryInformationProcess.NTDLL ref: 00007FF6BF10BD3D
                                                                                                                                                                  • Part of subcall function 00007FF6BF17BA60: AcquireSRWLockExclusive.KERNEL32(?,?,00000169F54C60B0,00007FF6BEFC7CF1), ref: 00007FF6BF17BA70
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExclusiveLock$AcquireProcess$AddressCurrentHandleInformationModuleProcQueryRelease
                                                                                                                                                                • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                                                                                                • API String ID: 259813251-2906145389
                                                                                                                                                                • Opcode ID: 86f0ad37cd99437d70ef9ac5a20daec63273ace03c12aa16b52e401eaae6bcc1
                                                                                                                                                                • Instruction ID: 9fc7f68166a07a85711a4f74d5ff8218b8e5c3d119dfbaa78cd031e45642d3b4
                                                                                                                                                                • Opcode Fuzzy Hash: 86f0ad37cd99437d70ef9ac5a20daec63273ace03c12aa16b52e401eaae6bcc1
                                                                                                                                                                • Instruction Fuzzy Hash: 75215C76A18A4686EA94DBA9E8611B973A0FF99744F805432DB4ECB375DF3CE045C700
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6BF10BC80: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BEFF773C), ref: 00007FF6BF10BCCB
                                                                                                                                                                  • Part of subcall function 00007FF6BF10BC80: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BEFF773C), ref: 00007FF6BF10BCDB
                                                                                                                                                                  • Part of subcall function 00007FF6BF10BC80: GetCurrentProcess.KERNEL32 ref: 00007FF6BF10BD18
                                                                                                                                                                  • Part of subcall function 00007FF6BF10BC80: NtQueryInformationProcess.NTDLL ref: 00007FF6BF10BD3D
                                                                                                                                                                • InitializeProcThreadAttributeList.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF6BEFF3C6F), ref: 00007FF6BEFF7751
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF6BEFF3C6F), ref: 00007FF6BEFF775B
                                                                                                                                                                • InitializeProcThreadAttributeList.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF6BEFF3C6F), ref: 00007FF6BEFF77CB
                                                                                                                                                                • UpdateProcThreadAttribute.KERNEL32 ref: 00007FF6BEFF77FC
                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6BEFF78A0
                                                                                                                                                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF6BEFF78B9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Proc$AttributeProcessThread$InitializeList$AddressCurrentErrorHandleHeapInformationLastModuleQueryUpdate_invalid_parameter_noinfo_noreturn
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3121448849-0
                                                                                                                                                                • Opcode ID: 649c77ca19b102d13b8b9d2f1622f9c1b56e88d023f7c09a3bbbb8426589d6bf
                                                                                                                                                                • Instruction ID: b03f54f82ef0d7207b5e85b743276439d2d1f4216d09321d6b9fd7861742bac4
                                                                                                                                                                • Opcode Fuzzy Hash: 649c77ca19b102d13b8b9d2f1622f9c1b56e88d023f7c09a3bbbb8426589d6bf
                                                                                                                                                                • Instruction Fuzzy Hash: B0718E32F25B8196EB04CBB9D5902AD73B4FB98784F509635EB4C53AA5DF38E1A1C340
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                • String ID: GetLocaleInfoEx
                                                                                                                                                                • API String ID: 2299586839-2904428671
                                                                                                                                                                • Opcode ID: 1c067a42888588f953ca89e39bfa08b10fcfe1a02321086ed9946bb5c27e012a
                                                                                                                                                                • Instruction ID: 932f111772a7c69d8d5f2118036329e1555c32be39228a518d714aad087b0e03
                                                                                                                                                                • Opcode Fuzzy Hash: 1c067a42888588f953ca89e39bfa08b10fcfe1a02321086ed9946bb5c27e012a
                                                                                                                                                                • Instruction Fuzzy Hash: D201DF20B4CB8181E7048B86A410AAAF661EF98BC0F584036DE2E07BA9CE3CD5419745
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32 ref: 00007FF6BF12A562
                                                                                                                                                                  • Part of subcall function 00007FF6BF17BA60: AcquireSRWLockExclusive.KERNEL32(?,?,00000169F54C60B0,00007FF6BEFC7CF1), ref: 00007FF6BF17BA70
                                                                                                                                                                  • Part of subcall function 00007FF6BF128730: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF6BF12A5A3), ref: 00007FF6BF128776
                                                                                                                                                                  • Part of subcall function 00007FF6BF17B9F0: AcquireSRWLockExclusive.KERNEL32(?,?,00000169F54C60B0,00007FF6BEFC7D2C), ref: 00007FF6BF17BA00
                                                                                                                                                                  • Part of subcall function 00007FF6BF17B9F0: ReleaseSRWLockExclusive.KERNEL32(?,?,00000169F54C60B0,00007FF6BEFC7D2C), ref: 00007FF6BF17BA40
                                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 00007FF6BF12AABF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExclusiveLock$AcquireCriticalSectionTime$EnterFileLeaveReleaseSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 516957425-0
                                                                                                                                                                • Opcode ID: a7dd2fc7a77a3ba2fe96cffa6ece4e8546dcefc1a4b38e0b9dc45c6c547f7bac
                                                                                                                                                                • Instruction ID: f71fa73d447de712dffc8ae3da68320019010748b3f57ef7d44700d0046ba594
                                                                                                                                                                • Opcode Fuzzy Hash: a7dd2fc7a77a3ba2fe96cffa6ece4e8546dcefc1a4b38e0b9dc45c6c547f7bac
                                                                                                                                                                • Instruction Fuzzy Hash: 87024072A1C6828BE704DFACE890179BBA0FBA5350F440139E789C77A6DFADD545CB40

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastThread$CloseCurrentHandleOpenSelfToken$ImpersonateRevert
                                                                                                                                                                • String ID: Unable to adjust token privilege '{}'!$Unable to assign the process impersonation token to the thread!$Unable to lookup privilege '{}'!$Unable to obtain the thread access token!
                                                                                                                                                                • API String ID: 475273544-197369002
                                                                                                                                                                • Opcode ID: ae76d4021564aa320d23062cb3ffeddbc2bf1a1c57c4f008ce50399594942c69
                                                                                                                                                                • Instruction ID: c43271625992e65f37027f77e3f61b1a51f89f569c9e719c003a2457ce1aa7ef
                                                                                                                                                                • Opcode Fuzzy Hash: ae76d4021564aa320d23062cb3ffeddbc2bf1a1c57c4f008ce50399594942c69
                                                                                                                                                                • Instruction Fuzzy Hash: 60411A26A0864386FB14DBE9E8683792361FF54B48F548431C74EC26B9DFBCE5498351

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseErrorLast$Time$FileSystem
                                                                                                                                                                • String ID: CrashGuardUms$GlobalFlag$StackTraceDatabaseSizeInMB
                                                                                                                                                                • API String ID: 108130482-4061403250
                                                                                                                                                                • Opcode ID: 2cf9c67b92ce20a491445957da71636c1611ee5d19b89fcbb70d193641c3ebca
                                                                                                                                                                • Instruction ID: 896c4ea495359819a9edbc4c7291b8d0281e9c9a65c991f4163ad8fda6c1d1c6
                                                                                                                                                                • Opcode Fuzzy Hash: 2cf9c67b92ce20a491445957da71636c1611ee5d19b89fcbb70d193641c3ebca
                                                                                                                                                                • Instruction Fuzzy Hash: EFF17F72A19BC189E760CF68E8903ED73A4FB95748F005135EB8D9BAA8DF78D244C740

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DirectoryErrorLast$FolderPathSystemWindows
                                                                                                                                                                • String ID: 3$3$AppData$Common AppData$Local AppData$Unable to retrieve a path of the known folder ({})!
                                                                                                                                                                • API String ID: 1744653567-3766723849
                                                                                                                                                                • Opcode ID: 10dda0aeae83e778d1ac1d6a24821082d1dafd2a7cd4421ebdc2848edaec051d
                                                                                                                                                                • Instruction ID: b6ee562f6d8aaf1f7a96ce0a023cf3e19479d9c6c5853d8f49f2c9e84e839da8
                                                                                                                                                                • Opcode Fuzzy Hash: 10dda0aeae83e778d1ac1d6a24821082d1dafd2a7cd4421ebdc2848edaec051d
                                                                                                                                                                • Instruction Fuzzy Hash: E2A1323191CB8691E660DF98E4903EA73A4FB94344F905532E79DC2AB9DF3CD649CB40

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentProcessProtectVirtual$AddressCacheCall3CheckClientDebuggerFlushHandleInstructionModulePresentProcRemote
                                                                                                                                                                • String ID: IsDebuggerPresent$kernel32.dll
                                                                                                                                                                • API String ID: 2663660448-2078679533
                                                                                                                                                                • Opcode ID: a6e96d3039037b5564e3c5529bcb386ee92312b70a5fb451a4cceb98aff8a6ea
                                                                                                                                                                • Instruction ID: aa16a54ad0bac09f7c0bd03e447cc43982472d100f492b13fe9c366e6b7b943c
                                                                                                                                                                • Opcode Fuzzy Hash: a6e96d3039037b5564e3c5529bcb386ee92312b70a5fb451a4cceb98aff8a6ea
                                                                                                                                                                • Instruction Fuzzy Hash: 2C418F62A0874686FB658FFDE86427977A0FB44B90F444135DB5D82AB6CFBDE448C700

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$RevertSelf
                                                                                                                                                                • String ID: Unable to adjust token privilege '{}'!$Unable to lookup privilege '{}'!$Unable to remove the impersonation token from the thread!
                                                                                                                                                                • API String ID: 680554984-1021965375
                                                                                                                                                                • Opcode ID: effac372596d7e68db604c044d4819013292818b7e9a76f48771a52b421049a6
                                                                                                                                                                • Instruction ID: 9624c4f6ad865bc7c1e7be32658c473153b5953640331c5fde8a65acdccfdda5
                                                                                                                                                                • Opcode Fuzzy Hash: effac372596d7e68db604c044d4819013292818b7e9a76f48771a52b421049a6
                                                                                                                                                                • Instruction Fuzzy Hash: 7C518E32A08B4696E710DBB9E9603AD33A1FB44788F544436EB8D83A69DF7CD119C740

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 2475 7ff6bf1277d0-7ff6bf12780b EnterCriticalSection 2476 7ff6bf127811-7ff6bf12781e call 7ff6bf11a930 2475->2476 2477 7ff6bf127893-7ff6bf127898 2475->2477 2485 7ff6bf127820-7ff6bf127823 2476->2485 2486 7ff6bf127842 2476->2486 2479 7ff6bf12789a-7ff6bf1278a8 call 7ff6bf11a930 2477->2479 2480 7ff6bf1278fe-7ff6bf127908 2477->2480 2493 7ff6bf1278aa-7ff6bf1278ad 2479->2493 2494 7ff6bf1278cc 2479->2494 2483 7ff6bf12796b-7ff6bf127988 GetModuleHandleW 2480->2483 2484 7ff6bf12790a-7ff6bf127915 call 7ff6bf11a930 2480->2484 2488 7ff6bf12798a-7ff6bf1279ae GetProcAddress * 2 2483->2488 2489 7ff6bf1279b2-7ff6bf1279c2 LeaveCriticalSection 2483->2489 2504 7ff6bf127917-7ff6bf12791a 2484->2504 2505 7ff6bf127939 2484->2505 2491 7ff6bf12783b-7ff6bf127840 2485->2491 2492 7ff6bf127825-7ff6bf127828 2485->2492 2495 7ff6bf127845-7ff6bf127878 CreateFileW 2486->2495 2488->2489 2491->2495 2497 7ff6bf12782a-7ff6bf12782d 2492->2497 2498 7ff6bf127834-7ff6bf127839 2492->2498 2499 7ff6bf1278af-7ff6bf1278b2 2493->2499 2500 7ff6bf1278c5-7ff6bf1278ca 2493->2500 2501 7ff6bf1278cf-7ff6bf1278fa CreateFileW 2494->2501 2502 7ff6bf12787a-7ff6bf12787d 2495->2502 2503 7ff6bf127890 2495->2503 2497->2495 2506 7ff6bf12782f-7ff6bf127832 2497->2506 2498->2495 2507 7ff6bf1278be-7ff6bf1278c3 2499->2507 2508 7ff6bf1278b4-7ff6bf1278b7 2499->2508 2500->2501 2501->2480 2502->2477 2510 7ff6bf12787f-7ff6bf12788e call 7ff6bf1279f0 2502->2510 2503->2477 2511 7ff6bf12791c-7ff6bf12791f 2504->2511 2512 7ff6bf127932-7ff6bf127937 2504->2512 2509 7ff6bf12793c-7ff6bf127967 CreateFileW 2505->2509 2506->2495 2507->2501 2508->2501 2515 7ff6bf1278b9-7ff6bf1278bc 2508->2515 2509->2483 2510->2477 2513 7ff6bf12792b-7ff6bf127930 2511->2513 2514 7ff6bf127921-7ff6bf127924 2511->2514 2512->2509 2513->2509 2514->2509 2517 7ff6bf127926-7ff6bf127929 2514->2517 
2515->2501 2517->2509
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressCreateFileHandleModuleProc$CriticalEnterSection
                                                                                                                                                                • String ID: GetNamedPipeClientProcessId$GetNamedPipeServerProcessId$kernel32.dll
                                                                                                                                                                • API String ID: 3518774015-2718959319
                                                                                                                                                                • Opcode ID: cd9b3e18c9b351f7a62e4e1ff5606561f6cabb9bf1c11b4387f616ff0d885b68
                                                                                                                                                                • Instruction ID: 586c24c85d47de2d02bdaf25b0b0257ec1933d935c1c6be96eafc6ce18361fe9
                                                                                                                                                                • Opcode Fuzzy Hash: cd9b3e18c9b351f7a62e4e1ff5606561f6cabb9bf1c11b4387f616ff0d885b68
                                                                                                                                                                • Instruction Fuzzy Hash: 22515B3290865286E7649FED952423A3BA4FB42B70F550738CB5D836E4CF7EE881CB50

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CtrlMessageSend$ParentWindow$Rect
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3091584759-0
                                                                                                                                                                • Opcode ID: e5a7f91b0112b8b10b4cacffd63cf2f567b8703e6046e31a733adf7f5f3738dc
                                                                                                                                                                • Instruction ID: d4fe21b428833b64440cc3f8a353b2ebadad69616e3cff4a21d4660b88b3eca8
                                                                                                                                                                • Opcode Fuzzy Hash: e5a7f91b0112b8b10b4cacffd63cf2f567b8703e6046e31a733adf7f5f3738dc
                                                                                                                                                                • Instruction Fuzzy Hash: B8916172B08A45C6EB148F21D860BADB7A1FF48B88F044436DE6E577A8CF3CD5169349
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$CreateDirectory$AttributesFile
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2650082360-0
                                                                                                                                                                • Opcode ID: 321e63aaca680cd295e633b584ea0e7474301843391f035bfe182922c3908595
                                                                                                                                                                • Instruction ID: 7469bb9d5297db89531d487a93ca48f32174283a7a98b2dd77fbc4e549e682f8
                                                                                                                                                                • Opcode Fuzzy Hash: 321e63aaca680cd295e633b584ea0e7474301843391f035bfe182922c3908595
                                                                                                                                                                • Instruction Fuzzy Hash: 3641B232E08A9281EB14CFA9E45017D73A1FBA5B94F444931EB5E83BA8CF3CE556C700
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$DeleteRectSelectStock$ClipIntersectSaveVisible
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1353815414-0
                                                                                                                                                                • Opcode ID: 53c4a57303f3444364a6ce3f773186b850ba6289c0bda56134615d0772ee3eb2
                                                                                                                                                                • Instruction ID: 987148c7eaa7bfff3825b8d2769802e573bca0b972b5ffaeedbec6e8498e76c4
                                                                                                                                                                • Opcode Fuzzy Hash: 53c4a57303f3444364a6ce3f773186b850ba6289c0bda56134615d0772ee3eb2
                                                                                                                                                                • Instruction Fuzzy Hash: 1E31F936B18A8187DB40DF15F465929B7B0FB88B94F404035EB9E87B58DF3CE4919B05
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFileLast$ReadSize
                                                                                                                                                                • String ID: get_file_content$get_file_content: GetFileSizeEx$get_file_content: ReadFile
                                                                                                                                                                • API String ID: 3509033087-2648918662
                                                                                                                                                                • Opcode ID: 67347a6eefce451aae3dd8139fd41f3777ffa4630c88171bf6cbc8958edd90cb
                                                                                                                                                                • Instruction ID: 2f04630d51590415b2e3fbdfc19e006b22df1199b1fb5019b722810871e2a328
                                                                                                                                                                • Opcode Fuzzy Hash: 67347a6eefce451aae3dd8139fd41f3777ffa4630c88171bf6cbc8958edd90cb
                                                                                                                                                                • Instruction Fuzzy Hash: 56518E32B18A4299EB00DFA8E9902ED7374FB98788F504132EB4D83AB9DF78D545C340
                                                                                                                                                                APIs
                                                                                                                                                                • FreeLibrary.KERNEL32(?,00007FF6BF1A36E8,?,?,?,?,00007FF6BF19EF6D,?,?,?,?,00007FF6BF179224,?,?,?,00007FF6BF179772), ref: 00007FF6BF1A2F2F
                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF6BF1A36E8,?,?,?,?,00007FF6BF19EF6D,?,?,?,?,00007FF6BF179224,?,?,?,00007FF6BF179772), ref: 00007FF6BF1A2F3B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                                                                • Opcode ID: 0c375ea48d37f75958a8c9791984f65eeec1dd68eecfb2ed4505ca155abcdabe
                                                                                                                                                                • Instruction ID: a657171ad4d27a931c103ae6adfe969e33a8df28bb5dc65ea630f7a3c7349fae
                                                                                                                                                                • Opcode Fuzzy Hash: 0c375ea48d37f75958a8c9791984f65eeec1dd68eecfb2ed4505ca155abcdabe
                                                                                                                                                                • Instruction Fuzzy Hash: F9411532B1968241FA16CB9E995457523D6BF49BD0F088939EF2EC7BA4DF3CE4499300
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: Resource section is empty$StringFileInfo$There is no resource section in module$Unable to determine product identifier from resources!
                                                                                                                                                                • API String ID: 0-3023212541
                                                                                                                                                                • Opcode ID: 98c8d8958ac0f82eda5d06206cacfe15022bdc6fbb3233c00ea2d7362b3484bd
                                                                                                                                                                • Instruction ID: 87cdb17bda9e9cc84a4dc129f170fdc95accde4692b31c56f8b9f1b858436533
                                                                                                                                                                • Opcode Fuzzy Hash: 98c8d8958ac0f82eda5d06206cacfe15022bdc6fbb3233c00ea2d7362b3484bd
                                                                                                                                                                • Instruction Fuzzy Hash: 2BA1CC72A08BA586DB10CB59E4403A9BBA1FB91BB4F948321DBBD837E4DF38D555C700
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseErrorLastQueryValue$ExceptionFileHeaderRaise
                                                                                                                                                                • String ID: Cannot query registry value type
                                                                                                                                                                • API String ID: 1525063674-3837157275
                                                                                                                                                                • Opcode ID: f96767105f71d04ced82daa65f3bc99ac9d91f30b9f1067cd5774cc4a307c595
                                                                                                                                                                • Instruction ID: b7fcf0cdf5a1849f0a2111cc8cdd62397237bc1f695b86daef45789357779f91
                                                                                                                                                                • Opcode Fuzzy Hash: f96767105f71d04ced82daa65f3bc99ac9d91f30b9f1067cd5774cc4a307c595
                                                                                                                                                                • Instruction Fuzzy Hash: DB81AD32B08A959AFB10CFB8E4502ED33A0FB54788F444631EB4D97A69DF38E659C740
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: HandleModule$AcquireAddressExclusiveLockProc
                                                                                                                                                                • String ID: ModuleId$ProductId$on_avast_dll_unload
                                                                                                                                                                • API String ID: 920030147-2425011003
                                                                                                                                                                • Opcode ID: e99f3e2f4a42e90e2875c857d326a061b901028ab80dcb992afe51ecedb548a4
                                                                                                                                                                • Instruction ID: 1c22d5b596ee3853595a902efde82dee10425b92521c30e42692db2a2ff91146
                                                                                                                                                                • Opcode Fuzzy Hash: e99f3e2f4a42e90e2875c857d326a061b901028ab80dcb992afe51ecedb548a4
                                                                                                                                                                • Instruction Fuzzy Hash: E6417471A18A4791EB50E7ACE4612F96360FFA0344F805631E78DC66B9EF7CE649C740
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$CurrentOpenProcessThreadToken$CloseHandle
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2320986313-0
                                                                                                                                                                • Opcode ID: a4b9743fb41235baf4cb0d19906448ac42a37bfcf75e8d58cb8e6c918f6a44d2
                                                                                                                                                                • Instruction ID: eeb06744763f8268c567d20eef9f13511b3095fbc132cb1b7a960928afef0dfe
                                                                                                                                                                • Opcode Fuzzy Hash: a4b9743fb41235baf4cb0d19906448ac42a37bfcf75e8d58cb8e6c918f6a44d2
                                                                                                                                                                • Instruction Fuzzy Hash: 12111222B0978689FA64DBF9E46437A6351EF85B41F408435CA8DC2675DF7CD058C712
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Create$CloseErrorLast
                                                                                                                                                                • String ID: Cannot create registry key
                                                                                                                                                                • API String ID: 3551974399-2366797263
                                                                                                                                                                • Opcode ID: 11c8eeb124d90bd50031afaca8d02fcea15d2338fa4f8bbf832fff042cc04dd9
                                                                                                                                                                • Instruction ID: 7e9e98b31781418d50521176b24b88a305429018c203ccad0ea888c753cef7bc
                                                                                                                                                                • Opcode Fuzzy Hash: 11c8eeb124d90bd50031afaca8d02fcea15d2338fa4f8bbf832fff042cc04dd9
                                                                                                                                                                • Instruction Fuzzy Hash: ED510872A04B818AE760CFB8E8902DD37B4F754788F500526DF8D97A68CF38D590CB44
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                • String ID: 244E$661B$Process dumper doesn't exist in path '
                                                                                                                                                                • API String ID: 3188754299-664137131
                                                                                                                                                                • Opcode ID: da1d025887fdf8479e2f0520fbd1791c929eb0e32bda6f978f73e97bea91f64f
                                                                                                                                                                • Instruction ID: 70cacc1e9f7b9ccecbbdbeb33ef7d32eba050233819d9a3fabbb82a308b2b05f
                                                                                                                                                                • Opcode Fuzzy Hash: da1d025887fdf8479e2f0520fbd1791c929eb0e32bda6f978f73e97bea91f64f
                                                                                                                                                                • Instruction Fuzzy Hash: 8041E372A19A4285EB10DF28E4403BE63A4FBA5B89F441131FB8DC7699DF7CD545CB80
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2067211477-0
                                                                                                                                                                • Opcode ID: 5eaeee312dcf0f73d9862fd825015aca671ccff0863cf4f975b789032c1fb287
                                                                                                                                                                • Instruction ID: 7829a65f760642c406f089863afd6c6909bda0687234ea1830da4910239315e1
                                                                                                                                                                • Opcode Fuzzy Hash: 5eaeee312dcf0f73d9862fd825015aca671ccff0863cf4f975b789032c1fb287
                                                                                                                                                                • Instruction Fuzzy Hash: 60213E75A0978246EE59DBEDA46057963A0BF84B80F048C35EF4E83B66DF3CE4058690
                                                                                                                                                                APIs
                                                                                                                                                                • CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000,?,?,?), ref: 00007FF6BF05691E
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000,?,?,?), ref: 00007FF6BF056938
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,00000000,00000000,?,?,?), ref: 00007FF6BF0569E5
                                                                                                                                                                  • Part of subcall function 00007FF6BF17E470: RtlPcToFileHeader.NTDLL ref: 00007FF6BF17E4C0
                                                                                                                                                                  • Part of subcall function 00007FF6BF17E470: RaiseException.KERNELBASE(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF6BF179536), ref: 00007FF6BF17E501
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.3649145908.00007FF6BF353000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CloseCreateErrorExceptionHandleHeaderLastRaise
                                                                                                                                                                • String ID: couldn't open file
                                                                                                                                                                • API String ID: 3501643867-3645828643
                                                                                                                                                                • Opcode ID: e456ae9ecf553efa83dec7ee5434a3bb500008125b83ad057ddef8a856676602
                                                                                                                                                                • Instruction ID: a514749dbfd51e29074757943b1a26b9b52714b9d2c05f843fda759f4c15da21
                                                                                                                                                                • Opcode Fuzzy Hash: e456ae9ecf553efa83dec7ee5434a3bb500008125b83ad057ddef8a856676602
                                                                                                                                                                • Instruction Fuzzy Hash: 51519D76A18B4186E720DB98E4A43A977A4FB84764F504231EBAD877F0DFBDD885C700
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseErrorExceptionFileHeaderLastQueryRaiseValue__std_exception_copy
                                                                                                                                                                • String ID: Cannot query registry value
                                                                                                                                                                • API String ID: 1422943749-1100310711
                                                                                                                                                                • Opcode ID: 1291975d7c22ace0529914a9e014f614365913abf4af66bae255711a7adc791d
                                                                                                                                                                • Instruction ID: 57a594858ea98bfa6d29a2247e81845187d395e215120daf6c7efb2fc5bdd95b
                                                                                                                                                                • Opcode Fuzzy Hash: 1291975d7c22ace0529914a9e014f614365913abf4af66bae255711a7adc791d
                                                                                                                                                                • Instruction Fuzzy Hash: 49416B32B08A418AE714DFA8E5911AD33B4FB98788F445535EF4D83B68DF38E654C740
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentErrorLastVariable
                                                                                                                                                                • String ID: -$Unable to retrieve environment variable '{}'!
                                                                                                                                                                • API String ID: 3114522214-584169599
                                                                                                                                                                • Opcode ID: 654ce894c625d807aa837aaf75195ea3520df559c5d44af1dfb8accf051af6fd
                                                                                                                                                                • Instruction ID: 4b1ab6526650997df65fccc12c4d420af3305704680396a73cd843c9f1cae11c
                                                                                                                                                                • Opcode Fuzzy Hash: 654ce894c625d807aa837aaf75195ea3520df559c5d44af1dfb8accf051af6fd
                                                                                                                                                                • Instruction Fuzzy Hash: 1531C472618B8581EB44CBA5E45436AB3A0FB88B84F504535EB8D87768DF3CE184CB40
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6BF116080: InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF6BEFC6A41,?,?,?,?,00000000,00000008,?,00007FF6BEFCCCD5), ref: 00007FF6BF1160C1
                                                                                                                                                                  • Part of subcall function 00007FF6BF116080: DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF6BEFC6A41,?,?,?,?,00000000,00000008,?,00007FF6BEFCCCD5), ref: 00007FF6BF1160DA
                                                                                                                                                                  • Part of subcall function 00007FF6BF116080: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF6BEFC6A41,?,?,?,?,00000000,00000008,?,00007FF6BEFCCCD5), ref: 00007FF6BF116137
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6BEFCCD71), ref: 00007FF6BF1161A7
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6BEFCCD71), ref: 00007FF6BF1161C8
                                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 00007FF6BF1161F2
                                                                                                                                                                Strings
                                                                                                                                                                • asw::lifetime::impl::lifetime_creation_monitor_holder::set_created, xrefs: 00007FF6BF116216
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$CloseDeleteEnterEventHandleInitializeLeave
                                                                                                                                                                • String ID: asw::lifetime::impl::lifetime_creation_monitor_holder::set_created
                                                                                                                                                                • API String ID: 3040484998-3605786268
                                                                                                                                                                • Opcode ID: d87add874008cb33a486ec9996a4cbe86447223344b6ee13d2f019e25a5db3ca
                                                                                                                                                                • Instruction ID: 569123ec369f710f303f54a2fdc9d6d497b52912d1953b10bfc9e765eed3338a
                                                                                                                                                                • Opcode Fuzzy Hash: d87add874008cb33a486ec9996a4cbe86447223344b6ee13d2f019e25a5db3ca
                                                                                                                                                                • Instruction Fuzzy Hash: 43219C72A08A0682FA10DBACE9A43793360FF94780F244931DB9D836B5DF3DE595C700
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __std_exception_destroy
                                                                                                                                                                • String ID: avcfg://settings/CrashGuard/DumpFirstChance$avdef://config/Common/DumpFirstChance
                                                                                                                                                                • API String ID: 2453523683-111190449
                                                                                                                                                                • Opcode ID: 0163099a54c00a74d6237382d5fa12750a901ae7f07f023f6680c59c3c8afbdc
                                                                                                                                                                • Instruction ID: 1eff2a9bbe04e7219a76eff77ecd57cf4010b90e2463efc78d1254f2ea73fd92
                                                                                                                                                                • Opcode Fuzzy Hash: 0163099a54c00a74d6237382d5fa12750a901ae7f07f023f6680c59c3c8afbdc
                                                                                                                                                                • Instruction Fuzzy Hash: 0D212F72918B8591E610DB98E4500AAB364FB89784F544232FB8D53B69DF3CE195CB40
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Focus$ForegroundWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 332191172-0
                                                                                                                                                                • Opcode ID: b1ba99a6e9452a09a25b038bd3de7f24a6a334b026cacbdc4719f23dda5402f4
                                                                                                                                                                • Instruction ID: 45ed14cad6fd10f46d615913e58679189fe18dc36f7b805ef6038d90bf539d57
                                                                                                                                                                • Opcode Fuzzy Hash: b1ba99a6e9452a09a25b038bd3de7f24a6a334b026cacbdc4719f23dda5402f4
                                                                                                                                                                • Instruction Fuzzy Hash: EB224936B05B8586EB10CF65D465AAD77A2FF44B88F058436CE6D07BA8CF38D409E319
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000007,00007FF6BF108A7E), ref: 00007FF6BEFC6512
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000007,00007FF6BF108A7E), ref: 00007FF6BEFC6552
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                • String ID: to_wide<char> invalid arguments$to_wide<char>::MultiByteToWideChar
                                                                                                                                                                • API String ID: 626452242-363086301
                                                                                                                                                                • Opcode ID: 3bef8cdc60da9c39fd192987c5151a94e8f3453bb86c3915843af768255778c7
                                                                                                                                                                • Instruction ID: 0510ff5ec50ae3fe9a1399d965ae52adb16554cd38914f087aee897c587c6d2e
                                                                                                                                                                • Opcode Fuzzy Hash: 3bef8cdc60da9c39fd192987c5151a94e8f3453bb86c3915843af768255778c7
                                                                                                                                                                • Instruction Fuzzy Hash: F7410172B0C64681EB208B99E9401797BA4EFA4BC5F614535FB5E83BA4EF3CE585C700
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Timer$ClickCriticalDoubleLeaveSectionTime
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2419403106-0
                                                                                                                                                                • Opcode ID: 1475106bbff1aedd033ec94fe75bb27e4e419721db70016497e73a3d2c1f4a11
                                                                                                                                                                • Instruction ID: 3ed4c5a1b6dbb946eafcf9f44a05b952fd23be9750f87bab40c73876894f6155
                                                                                                                                                                • Opcode Fuzzy Hash: 1475106bbff1aedd033ec94fe75bb27e4e419721db70016497e73a3d2c1f4a11
                                                                                                                                                                • Instruction Fuzzy Hash: 6331AF32B4468587EB59CB25E565BADB7A1FB88B84F004132CF2D07BA4DF38E462D705
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterKillLeaveTimer
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 610966039-0
                                                                                                                                                                • Opcode ID: 3e0637cef269a17a1dee3de064c7cffe6cac5d290073153ef176d92e65f52684
                                                                                                                                                                • Instruction ID: b26ae1415314393bf948f86ab2cbfbbadcc2a1c2a92f95c4395ab221d35b7d09
                                                                                                                                                                • Opcode Fuzzy Hash: 3e0637cef269a17a1dee3de064c7cffe6cac5d290073153ef176d92e65f52684
                                                                                                                                                                • Instruction Fuzzy Hash: 4F214862B18A4481EB109F12E8A5A7D7761FF55FC5F184131DE6E0B7A8CF3CD846930A
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6BEFC6A00: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF6BEFCCCD5), ref: 00007FF6BEFC6A60
                                                                                                                                                                  • Part of subcall function 00007FF6BEFC6A00: LeaveCriticalSection.KERNEL32 ref: 00007FF6BEFC6AA1
                                                                                                                                                                • WaitForSingleObject.KERNEL32 ref: 00007FF6BEFCCD8D
                                                                                                                                                                • CloseHandle.KERNEL32 ref: 00007FF6BEFCCDAF
                                                                                                                                                                  • Part of subcall function 00007FF6BF116150: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6BEFCCD71), ref: 00007FF6BF1161A7
                                                                                                                                                                  • Part of subcall function 00007FF6BF116150: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6BEFCCD71), ref: 00007FF6BF1161C8
                                                                                                                                                                  • Part of subcall function 00007FF6BF116150: LeaveCriticalSection.KERNEL32 ref: 00007FF6BF1161F2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$CriticalLeaveSection$EventObjectSingleWait
                                                                                                                                                                • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                • API String ID: 1589410826-2706815617
                                                                                                                                                                • Opcode ID: fbf2b4f00594f7ca82bce3e07b6340d55e11d560536ba22621d1515f8671e783
                                                                                                                                                                • Instruction ID: 7acc04d2175c198b8cd411cd67b4f6b4d4881bd6c53f00df960e6f26366b9e39
                                                                                                                                                                • Opcode Fuzzy Hash: fbf2b4f00594f7ca82bce3e07b6340d55e11d560536ba22621d1515f8671e783
                                                                                                                                                                • Instruction Fuzzy Hash: E9518D32B09B429AEB10DFA8D4402EC33A9FB5478CB115935EB4D97BA9DF38E555C340
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6BEFC6A00: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF6BEFCCCD5), ref: 00007FF6BEFC6A60
                                                                                                                                                                  • Part of subcall function 00007FF6BEFC6A00: LeaveCriticalSection.KERNEL32 ref: 00007FF6BEFC6AA1
                                                                                                                                                                • WaitForSingleObject.KERNEL32 ref: 00007FF6BEFCCBAD
                                                                                                                                                                • CloseHandle.KERNEL32 ref: 00007FF6BEFCCBCF
                                                                                                                                                                  • Part of subcall function 00007FF6BF116150: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6BEFCCD71), ref: 00007FF6BF1161A7
                                                                                                                                                                  • Part of subcall function 00007FF6BF116150: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6BEFCCD71), ref: 00007FF6BF1161C8
                                                                                                                                                                  • Part of subcall function 00007FF6BF116150: LeaveCriticalSection.KERNEL32 ref: 00007FF6BF1161F2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$CriticalLeaveSection$EventObjectSingleWait
                                                                                                                                                                • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                • API String ID: 1589410826-2706815617
                                                                                                                                                                • Opcode ID: 028148862a92c519169a8a3ffcaabf892bccde960af7da595b1e43e078cf75f3
                                                                                                                                                                • Instruction ID: 8cb0b32e206708abb5a4528e604353bc3303c9561e74bfd2826ac3524d6bd17d
                                                                                                                                                                • Opcode Fuzzy Hash: 028148862a92c519169a8a3ffcaabf892bccde960af7da595b1e43e078cf75f3
                                                                                                                                                                • Instruction Fuzzy Hash: 06519E32B09B4299EB10DFA8E4402EC33B9FB54B88B155535EB4D87BA9DF38E555C340
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ControlCountDeviceTick
                                                                                                                                                                • String ID: X
                                                                                                                                                                • API String ID: 2693983885-3081909835
                                                                                                                                                                • Opcode ID: 12a560f9895aee7df7ec0289f2018c0996df9c24545c492e158419051bf41c07
                                                                                                                                                                • Instruction ID: 8d49b6fb4552bc8a5a14adbcd87c65aa865bab49409b52105b9c2a12cf08240f
                                                                                                                                                                • Opcode Fuzzy Hash: 12a560f9895aee7df7ec0289f2018c0996df9c24545c492e158419051bf41c07
                                                                                                                                                                • Instruction Fuzzy Hash: 42217C37A08F8582E750CF78E49432A73A4FB88B58F109225DB9C43768DF78D095CB40
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.3649017242.00007FF6BF34E000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                • Associated: 00000007.00000002.3649145908.00007FF6BF353000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                                                • Opcode ID: a3924abaf564cebc9357eef2fe38e05291484a79d7e18ad83b85b2459db9848c
                                                                                                                                                                • Instruction ID: 89bba0fed000c8241c1547933cc2501b33679de9a1d97714addcbf586076d1f2
                                                                                                                                                                • Opcode Fuzzy Hash: a3924abaf564cebc9357eef2fe38e05291484a79d7e18ad83b85b2459db9848c
                                                                                                                                                                • Instruction Fuzzy Hash: 61115832618B8182EB60CF69E410269B7E4FB88B94F184230EF8D87B68DF3CD551CB00
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 951747058-0
                                                                                                                                                                • Opcode ID: e2ecf4126d7325b51e11bb1362bcbac83db8c1138b39ca509e610d1a22cd0a13
                                                                                                                                                                • Instruction ID: f5ac732503295373f4e0fa034aac908ad69ea788b00a8303e6824d7985545543
                                                                                                                                                                • Opcode Fuzzy Hash: e2ecf4126d7325b51e11bb1362bcbac83db8c1138b39ca509e610d1a22cd0a13
                                                                                                                                                                • Instruction Fuzzy Hash: AC51BE32B08B8586EF00CB25E860A79B7A5FF86B95F154031DA5E43BA8DF3CE845D705
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 951747058-0
                                                                                                                                                                • Opcode ID: 7c13838936da61596afb6aba4682eb61b449216ebd8a9a0d1e7c0cb9308f9824
                                                                                                                                                                • Instruction ID: 977cc7e2ba834c4c2631208deef24bc336fb86579f8d76327023814c99c6dc88
                                                                                                                                                                • Opcode Fuzzy Hash: 7c13838936da61596afb6aba4682eb61b449216ebd8a9a0d1e7c0cb9308f9824
                                                                                                                                                                • Instruction Fuzzy Hash: 6B415C26B09B5691EF14CB15E4A4A79B3A6FF88F99F044032CE5E477A8CF3CD4429705
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 951747058-0
                                                                                                                                                                • Opcode ID: d28a633e0362330915a32de4f0516ca57c0926545ae8fa29d4371d2ff928fa5a
                                                                                                                                                                • Instruction ID: 54bda5de905aac525c2ee96256fd86978c7ea0415afbbccc1a973916874b740f
                                                                                                                                                                • Opcode Fuzzy Hash: d28a633e0362330915a32de4f0516ca57c0926545ae8fa29d4371d2ff928fa5a
                                                                                                                                                                • Instruction Fuzzy Hash: 6C412922B18B4586EF148F16E860929B765FF89FC4B154132DE5E17BA8CF3CD8468305
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalEnterSection
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1904992153-0
                                                                                                                                                                • Opcode ID: 98e69caaaf53f7fb974ddc30a6292766aaf5965b47f7029b3ae2586ac8f181c8
                                                                                                                                                                • Instruction ID: e35affa9ff1fa75eb585dd6d41d9ac37ef6c002e37575f3d06e636ef4eadf841
                                                                                                                                                                • Opcode Fuzzy Hash: 98e69caaaf53f7fb974ddc30a6292766aaf5965b47f7029b3ae2586ac8f181c8
                                                                                                                                                                • Instruction Fuzzy Hash: EB31E822B0970582EB5ACB11D5A0B7DA392BF05B94F054031CE2D0B7D9DF3CA846A30A
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3168844106-0
                                                                                                                                                                • Opcode ID: f6f47fd953e2a13db3240fadf8f5e218c83e9233cf8a1a6e54a296b4d0f4ca66
                                                                                                                                                                • Instruction ID: d73848f75dfc8c3ba093e67643e5182a777fa57e6a65c0cbaeef7370a9f788ed
                                                                                                                                                                • Opcode Fuzzy Hash: f6f47fd953e2a13db3240fadf8f5e218c83e9233cf8a1a6e54a296b4d0f4ca66
                                                                                                                                                                • Instruction Fuzzy Hash: B2216B76B14B4A81EB148B1AE865E6CB7A1FF84F84F454032CE2D077A8DF3CE8069345
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CtrlMessageParentSend
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1176577205-0
                                                                                                                                                                • Opcode ID: 54dafa8ba3fc6a5d869d45bad766bdb8c7ea5ef08f1ef6dff0a40dde764bf071
                                                                                                                                                                • Instruction ID: 917597f0a2863cfb3925c432bbababfcf2ab7fb9f0bd93e90be1c58bace21f09
                                                                                                                                                                • Opcode Fuzzy Hash: 54dafa8ba3fc6a5d869d45bad766bdb8c7ea5ef08f1ef6dff0a40dde764bf071
                                                                                                                                                                • Instruction Fuzzy Hash: 45219D72B0878182EB14CF26A925A6D73A1FF89BC4F540035EE6E4B798DF3DD4418B01
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Times$CountProcessSystemTick
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1969624557-0
                                                                                                                                                                • Opcode ID: dcd8e5e7be7fba5c6ed74077f4d26089fa141bc83a8a49af5c14202b2dbf624f
                                                                                                                                                                • Instruction ID: 325c32d79e5b91a23aebdea0cdccefe2a8c0600f39bd71a5f233213cb0ffe62e
                                                                                                                                                                • Opcode Fuzzy Hash: dcd8e5e7be7fba5c6ed74077f4d26089fa141bc83a8a49af5c14202b2dbf624f
                                                                                                                                                                • Instruction Fuzzy Hash: A121EC32618B85C2EB40CF69E45416EB3B4FB88B88F545126EB8D83739EF78D594C740
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ClientCursorFromPointScreenWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3548534679-0
                                                                                                                                                                • Opcode ID: 12cce3b8879c2b4157d48db865a72c2f03cd2cd71cb6cd257180d5f993f95c2c
                                                                                                                                                                • Instruction ID: 3fcf94dc33d3d66537c8916612d8af036d2ab07734a6c53f200163f11f4b20a4
                                                                                                                                                                • Opcode Fuzzy Hash: 12cce3b8879c2b4157d48db865a72c2f03cd2cd71cb6cd257180d5f993f95c2c
                                                                                                                                                                • Instruction Fuzzy Hash: 17114C76B08B4582DB40CF22E154969B3A1FB88BD4F084432EE5E4B75CDF3CD4559B05
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CtrlMessageParentSend
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1176577205-0
                                                                                                                                                                • Opcode ID: 0bf5ea1af7750d39e4710ceb2ebc3c1e041e08cb43134f79a39fc19b3cd5844d
                                                                                                                                                                • Instruction ID: 0e8d3bd137a546ec3e9bc84177eac8eeabd616d91a789e80a317d4265c9e3374
                                                                                                                                                                • Opcode Fuzzy Hash: 0bf5ea1af7750d39e4710ceb2ebc3c1e041e08cb43134f79a39fc19b3cd5844d
                                                                                                                                                                • Instruction Fuzzy Hash: 0E117C72718B8182EB408F20E859A6973A1FF88BC4F254035EBAE4B768DF3CD491C704
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 1208f89c036e917227f61c04985da9f930a8812d9056cab6b8b2bf596a85f33a
                                                                                                                                                                • Instruction ID: 971b850dd5baa111a68abff059d8d785a1b29df65d8c9a2f0e31e65437296371
                                                                                                                                                                • Opcode Fuzzy Hash: 1208f89c036e917227f61c04985da9f930a8812d9056cab6b8b2bf596a85f33a
                                                                                                                                                                • Instruction Fuzzy Hash: FE517026B19A8582EB148B15E86093DB3A1FF44FD0F444131CE6E07BE8DF2CE805E345
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __std_exception_destroy
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2453523683-0
                                                                                                                                                                • Opcode ID: f885a1d791054fe90273db24759634d3f7693a74f90489486bc4f588d5bc121a
                                                                                                                                                                • Instruction ID: ec8c485ad8c2be73b2fa413159d03037f9d5c47f4ae4ae1ed8bb76b510eaa734
                                                                                                                                                                • Opcode Fuzzy Hash: f885a1d791054fe90273db24759634d3f7693a74f90489486bc4f588d5bc121a
                                                                                                                                                                • Instruction Fuzzy Hash: 2E419332B08B4182EB50CF99E55022AB3A8FB54F95F268136EB9D87760DF7DE841C740
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3168844106-0
                                                                                                                                                                • Opcode ID: 61f2fa2cb3c25996f5b2251e06f7c32219dcb355a977103a67ba10b72b167588
                                                                                                                                                                • Instruction ID: 2c27e941119b68f39c50351c6b746a2b40c984de0e9568959208261644acab4a
                                                                                                                                                                • Opcode Fuzzy Hash: 61f2fa2cb3c25996f5b2251e06f7c32219dcb355a977103a67ba10b72b167588
                                                                                                                                                                • Instruction Fuzzy Hash: BE31C132B1829186EB64CB25F56067EB7E1FB857C0F440035DA6E83B9CDF2CE5519B05
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3168844106-0
                                                                                                                                                                • Opcode ID: 529ff51b39af76030fdee5ecc23f9afd1507b556fe1b34ebcb25b87aaab8001c
                                                                                                                                                                • Instruction ID: 722a688ad0473c03308a0720591016f671b9708968540e10242d1e939f43028c
                                                                                                                                                                • Opcode Fuzzy Hash: 529ff51b39af76030fdee5ecc23f9afd1507b556fe1b34ebcb25b87aaab8001c
                                                                                                                                                                • Instruction Fuzzy Hash: ED311B66B19A4AC1EF008B16E864A6CB3A5FF88F84F454032CE2D077A8DF3CD8059745
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentInfoNativeProcessSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3852810090-0
                                                                                                                                                                • Opcode ID: 14c4494946f75d40a82cf59734a93dc75e7f1990ab80c491653a7bd9b2f293ab
                                                                                                                                                                • Instruction ID: 4b182a5a16175af0ec3a0d69aeef93ce3ba11f6991bc0bb6b70873d12938bfa6
                                                                                                                                                                • Opcode Fuzzy Hash: 14c4494946f75d40a82cf59734a93dc75e7f1990ab80c491653a7bd9b2f293ab
                                                                                                                                                                • Instruction Fuzzy Hash: 3E419232604B8086D354CF65E98065DB7FCFB68B88F15422ADB8847BA8DF78D065C350
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: UpdateWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2116364557-0
                                                                                                                                                                • Opcode ID: c86d99b05ce1654ec701db8511d34a59832acb5111bb8cc54e0c11ed7eb44029
                                                                                                                                                                • Instruction ID: d6b7b50047e4c38c11cc2757adda9ba7aec0c8871b5faa8cdc21078f7276c30b
                                                                                                                                                                • Opcode Fuzzy Hash: c86d99b05ce1654ec701db8511d34a59832acb5111bb8cc54e0c11ed7eb44029
                                                                                                                                                                • Instruction Fuzzy Hash: 42216032B09A8582EB248B15E060679F761FF88F98F048235DA6E477A8CF2CE4409705
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FF6BF1A02D0: GetLastError.KERNEL32(?,?,?,00007FF6BF1A73CB,?,?,?,00007FF6BF1A0694,?,?,?,00007FF6BF18FFCF,?,?,00000000,00007FF6BF1A55AF), ref: 00007FF6BF1A02DF
                                                                                                                                                                  • Part of subcall function 00007FF6BF1A02D0: FlsGetValue.KERNEL32(?,?,?,00007FF6BF1A73CB,?,?,?,00007FF6BF1A0694,?,?,?,00007FF6BF18FFCF,?,?,00000000,00007FF6BF1A55AF), ref: 00007FF6BF1A02F4
                                                                                                                                                                  • Part of subcall function 00007FF6BF1A02D0: SetLastError.KERNEL32(?,?,?,00007FF6BF1A73CB,?,?,?,00007FF6BF1A0694,?,?,?,00007FF6BF18FFCF,?,?,00000000,00007FF6BF1A55AF), ref: 00007FF6BF1A037F
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BEFFBED8), ref: 00007FF6BF192B1E
                                                                                                                                                                • ExitThread.KERNEL32 ref: 00007FF6BF192B26
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$ExitThreadValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 10640732-0
                                                                                                                                                                • Opcode ID: bcca149aec0cac72ea884b249850bc3c6127843bfa059a7f7e821730280399ca
                                                                                                                                                                • Instruction ID: 544a4684f86906b81f070a8449b0ec4dbf5bc58d1c42062979fce9387dfbe2ee
                                                                                                                                                                • Opcode Fuzzy Hash: bcca149aec0cac72ea884b249850bc3c6127843bfa059a7f7e821730280399ca
                                                                                                                                                                • Instruction Fuzzy Hash: 73015232E4A64641FE09ABFD94651BC13E0AF55B10F049834DB0DC7BB7DF6CA4498791
                                                                                                                                                                APIs
                                                                                                                                                                • QueryUnbiasedInterruptTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF6BEFC3281), ref: 00007FF6BF1626DD
                                                                                                                                                                • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF6BEFC3281), ref: 00007FF6BF1626F2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InterruptQuerySystemTimeTimesUnbiased
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3974609374-0
                                                                                                                                                                • Opcode ID: f9c3a206c6382d1aa1d47deaf89e8e709376e4734b79e1b60508649fd79711a3
                                                                                                                                                                • Instruction ID: a20c0288ceda3ad7176c4163d677c54f5c6257cd857c5c4a712d9eb86a6424a8
                                                                                                                                                                • Opcode Fuzzy Hash: f9c3a206c6382d1aa1d47deaf89e8e709376e4734b79e1b60508649fd79711a3
                                                                                                                                                                • Instruction Fuzzy Hash: FF119476618A8587D764CF55F49046AB7A1F7CCB48B40522AFA8E83B28DF3CD654CF04
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3168844106-0
                                                                                                                                                                • Opcode ID: 882a88c8d3e879b82982ac0d199ca3ddd429e327ed0d535db1bbaa6ab581db5e
                                                                                                                                                                • Instruction ID: c033f07ad3e92486d83facda5a7b35399a6852784bd5622df914ea7de6089fce
                                                                                                                                                                • Opcode Fuzzy Hash: 882a88c8d3e879b82982ac0d199ca3ddd429e327ed0d535db1bbaa6ab581db5e
                                                                                                                                                                • Instruction Fuzzy Hash: 41F06221B1878181DB14DB16F55596E7761EFC9BC0F581030EE5D07B5CEE3CD4918B00
                                                                                                                                                                APIs
                                                                                                                                                                • InitializeCriticalSection.KERNEL32 ref: 00007FF6BEFC325A
                                                                                                                                                                • QueryUnbiasedInterruptTime.KERNEL32 ref: 00007FF6BEFC3265
                                                                                                                                                                  • Part of subcall function 00007FF6BF1626C0: QueryUnbiasedInterruptTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF6BEFC3281), ref: 00007FF6BF1626DD
                                                                                                                                                                  • Part of subcall function 00007FF6BF1626C0: GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF6BEFC3281), ref: 00007FF6BF1626F2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InterruptQueryTimeUnbiased$CriticalInitializeSectionSystemTimes
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2575030287-0
                                                                                                                                                                • Opcode ID: 28ef30ddcf52d584fc779b9deb8e560bb088c138461754af21a93345401f040e
                                                                                                                                                                • Instruction ID: f6c51d0264ca3b182879b11f20de50f22ae9856cac1a2ac0f47154408e297cd3
                                                                                                                                                                • Opcode Fuzzy Hash: 28ef30ddcf52d584fc779b9deb8e560bb088c138461754af21a93345401f040e
                                                                                                                                                                • Instruction Fuzzy Hash: 0301D722D28A8A81F644DBBCEA511B96360FFA9744F615231DB4D92276EF3CE1D68700
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                • Opcode ID: 9d094c8237740a39a985b724cb6291bb30abf5bfdde8689f8c4f365e02951575
                                                                                                                                                                • Instruction ID: cfab9c1b7763bcd6b38a1c82e511d4a727cecb9221ef90bd48f14c8739a3c173
                                                                                                                                                                • Opcode Fuzzy Hash: 9d094c8237740a39a985b724cb6291bb30abf5bfdde8689f8c4f365e02951575
                                                                                                                                                                • Instruction Fuzzy Hash: 56719C72B04B9089E710CFA9E8002AD77A4FB98B98F504136EF8C97B58DF38E591C740
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Concurrency::cancel_current_task
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 118556049-0
                                                                                                                                                                • Opcode ID: b6726eebe5970e935abaefb7d137f07d62176c837a0a187dfa538b9dca067bbd
                                                                                                                                                                • Instruction ID: 856848e95696464d46743ed11331bdcc52f0e7f8c9bad3f085b0e180c0cf225e
                                                                                                                                                                • Opcode Fuzzy Hash: b6726eebe5970e935abaefb7d137f07d62176c837a0a187dfa538b9dca067bbd
                                                                                                                                                                • Instruction Fuzzy Hash: E6519AB2A1C2428AF724CFADE5412263794BF143A0F50CA39DA6DC76B8DF3CE4418B04
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3668304517-0
                                                                                                                                                                • Opcode ID: cc44cef1c4a6939bcb2fb34f2eaad9496bfa58eaea93b94545405c380b7a3802
                                                                                                                                                                • Instruction ID: 23d8f9a1d905a643c2a0f7f50338fb160fe982b16b46ecbbbd96d93b316e19b8
                                                                                                                                                                • Opcode Fuzzy Hash: cc44cef1c4a6939bcb2fb34f2eaad9496bfa58eaea93b94545405c380b7a3802
                                                                                                                                                                • Instruction Fuzzy Hash: 4641E66670464981EB10DB1AE5081BD67AAFB58BE0F548631EFBE877D5EF3CE4408300
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Timer
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2870079774-0
                                                                                                                                                                • Opcode ID: 0fb0d7d4559351097e169249de91df9ec826310999d2963f8fc96245924dc27c
                                                                                                                                                                • Instruction ID: c95111b387ba3ce49ddae259fac96081373e519295af9be625e03190876563d2
                                                                                                                                                                • Opcode Fuzzy Hash: 0fb0d7d4559351097e169249de91df9ec826310999d2963f8fc96245924dc27c
                                                                                                                                                                • Instruction Fuzzy Hash: A3416A6AB05B4A82EF158B16D460679B3A1FF88F84F484036CE2E077E8CF3CE4519345
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3668304517-0
                                                                                                                                                                • Opcode ID: fad1ee978de6c6013a306ff6783a51ac4a8e5adfee1197fbbc358ea89bcb5c4d
                                                                                                                                                                • Instruction ID: 5a375f0ce9e1bbf84ed3fa81e8499bd17b6108133bf1b501843d26039387b5f4
                                                                                                                                                                • Opcode Fuzzy Hash: fad1ee978de6c6013a306ff6783a51ac4a8e5adfee1197fbbc358ea89bcb5c4d
                                                                                                                                                                • Instruction Fuzzy Hash: D8112372F0E64781EE14EB19E0512BD66A5EFA4795FA44A30F79E837D6DF2CD0908700
                                                                                                                                                                APIs
                                                                                                                                                                • DeviceIoControl.KERNEL32 ref: 00007FF6BF1284B3
                                                                                                                                                                  • Part of subcall function 00007FF6BF1277D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BF12846D), ref: 00007FF6BF1277F2
                                                                                                                                                                  • Part of subcall function 00007FF6BF1277D0: CreateFileW.KERNEL32 ref: 00007FF6BF12786A
                                                                                                                                                                  • Part of subcall function 00007FF6BF1277D0: CreateFileW.KERNEL32 ref: 00007FF6BF1278F4
                                                                                                                                                                  • Part of subcall function 00007FF6BF1277D0: CreateFileW.KERNEL32 ref: 00007FF6BF127961
                                                                                                                                                                  • Part of subcall function 00007FF6BF1277D0: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BF12846D), ref: 00007FF6BF127972
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFile$ControlCriticalDeviceEnterHandleModuleSection
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1346707572-0
                                                                                                                                                                • Opcode ID: a71a14d10741d5f2aaa17c4273bacbbc2e94bbc5bb5be77c6d904aeafcddf90c
                                                                                                                                                                • Instruction ID: 888aee61a55ddcef8b0b9fbb57d330ca0000f92f21cf464ca1919673744c9d60
                                                                                                                                                                • Opcode Fuzzy Hash: a71a14d10741d5f2aaa17c4273bacbbc2e94bbc5bb5be77c6d904aeafcddf90c
                                                                                                                                                                • Instruction Fuzzy Hash: F4113A72A0868287EB10CB98E45036AB7A0FB85364F500635E79D87BE8DF7EE444CB00
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                                                • Opcode ID: 11dd4f08567b0b349d1cb08cbe7fa20589657724ba2bdded5ba14ad1961f55a4
                                                                                                                                                                • Instruction ID: cd1b558f758040b649e68ebb855d597278fcce0318ad765e0e76e842ec96b3ad
                                                                                                                                                                • Opcode Fuzzy Hash: 11dd4f08567b0b349d1cb08cbe7fa20589657724ba2bdded5ba14ad1961f55a4
                                                                                                                                                                • Instruction Fuzzy Hash: FE013932918B8281E710DF64E4900A87365FBE5B44B558636EB8D932A5EFB8E5D1C340
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,?,?,00007FFDF872A4F1,?,?,00000000,00007FFDF8719A8F,?,?,?,00007FFDF871EBBF,?,?,?,00007FFDF871EAB5), ref: 00007FFDF8720142
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                • Opcode ID: 3f9253aa019fcbf43e390d724155ba4e7012e79ae796e975e7c913fd655fb92f
                                                                                                                                                                • Instruction ID: aacf8b9121cec5d21bbe3814d2df60ec155a6b4ba1e909fa3aedfa12c3ce37d5
                                                                                                                                                                • Opcode Fuzzy Hash: 3f9253aa019fcbf43e390d724155ba4e7012e79ae796e975e7c913fd655fb92f
                                                                                                                                                                • Instruction Fuzzy Hash: 10F05E11B8920685FF14A7A15961B79B2904F44BA0F084234DD3E453C9EE2CB440AA2A
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __std_exception_destroy
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2453523683-0
                                                                                                                                                                • Opcode ID: c3fe979e7cd3b96ce53fb02fece19a55337768ccc07c3e23f30270260611c1da
                                                                                                                                                                • Instruction ID: 81ed55d4a8537645ed17d5df9c7e103833341babdec50692794538a37cb32a57
                                                                                                                                                                • Opcode Fuzzy Hash: c3fe979e7cd3b96ce53fb02fece19a55337768ccc07c3e23f30270260611c1da
                                                                                                                                                                • Instruction Fuzzy Hash: 24F06D32918B8185DB10DB99F55006AB3A4FB887D0F504232EBCD83B65EF7CD2A4C700
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalLeaveSection
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3988221542-0
                                                                                                                                                                • Opcode ID: d9ca81c6b8e4a45f9680057766dbb202e5dd952a46211edc82771e497e7d27b6
                                                                                                                                                                • Instruction ID: 3f4042484e9741e319f8f0fb75ddb74dd692612b51b7ae846ac56a4fadbd42c6
                                                                                                                                                                • Opcode Fuzzy Hash: d9ca81c6b8e4a45f9680057766dbb202e5dd952a46211edc82771e497e7d27b6
                                                                                                                                                                • Instruction Fuzzy Hash: BAE06D6670869582D7008B02B04556ABB66FB86FD8F84002AFF9E47B89CF3CD085DB04
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalLeaveSection
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3988221542-0
                                                                                                                                                                • Opcode ID: 30efb4df2fbf02d43592041d683a3d79cd0284d87797d474118ea3651938b1ba
                                                                                                                                                                • Instruction ID: 06d9fa76a55db5c506ff9977ed1a11ac78900ec7dd44798027ce8ab8678338ad
                                                                                                                                                                • Opcode Fuzzy Hash: 30efb4df2fbf02d43592041d683a3d79cd0284d87797d474118ea3651938b1ba
                                                                                                                                                                • Instruction Fuzzy Hash: FFE06D6670869582D7008B02B0455AABB66FB86FD8F84002AFF9E47B89CF3DD085DB04
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalLeaveSection
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3988221542-0
                                                                                                                                                                • Opcode ID: 3204ed8f8b3a09ccccec6931e468aea2b73dff17fcefaa9498ace61b4f3671df
                                                                                                                                                                • Instruction ID: 1763688b0ee7620b84d39c1356e06e9f891ffea03e6feee0c9bebc0c8d4fe255
                                                                                                                                                                • Opcode Fuzzy Hash: 3204ed8f8b3a09ccccec6931e468aea2b73dff17fcefaa9498ace61b4f3671df
                                                                                                                                                                • Instruction Fuzzy Hash: C5E06D6670869582D7018B02B05556ABB66FB86FD8F84002AFF9E47B89CF3CD185DB05
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalLeaveSection
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3988221542-0
                                                                                                                                                                • Opcode ID: 44ee3b66534310cb6a24b3a1a8730f228560618ff1b3781b65a81e4b3a0b3cd5
                                                                                                                                                                • Instruction ID: bab02890e695144d7716aefc8684f6f19e1afca637df8391572fce6814f0d800
                                                                                                                                                                • Opcode Fuzzy Hash: 44ee3b66534310cb6a24b3a1a8730f228560618ff1b3781b65a81e4b3a0b3cd5
                                                                                                                                                                • Instruction Fuzzy Hash: 6BE06DA670869582D7008B02B14556ABB66FB86FD8F84002AFF9E47B89CF3DD085DB04
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalLeaveSection
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3988221542-0
                                                                                                                                                                • Opcode ID: daf2111049cd13370a36bd6f39b7149224d182817afa46094665edcbdbf2a919
                                                                                                                                                                • Instruction ID: 5a4c2f5cb12d1c959dd18bf2bfd9f4a87db9bd188c57d49909e3fdeaca40f933
                                                                                                                                                                • Opcode Fuzzy Hash: daf2111049cd13370a36bd6f39b7149224d182817afa46094665edcbdbf2a919
                                                                                                                                                                • Instruction Fuzzy Hash: 27E06D6630869082C6008B02A04545ABB65F785FD8F44001AFF9E47B99CE3CC045C700
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Startup
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 724789610-0
                                                                                                                                                                • Opcode ID: 1e288c9155c8e599032719a1e1eaa0fa6b432dbe33f8a6adf7b8321f94e9ea39
                                                                                                                                                                • Instruction ID: 3403b5ef7b521a02cfcc83b35555e93120c07836a1e55a999838a33ca2366d3a
                                                                                                                                                                • Opcode Fuzzy Hash: 1e288c9155c8e599032719a1e1eaa0fa6b432dbe33f8a6adf7b8321f94e9ea39
                                                                                                                                                                • Instruction Fuzzy Hash: E4E01275A59586C1FA94D7A8E8653B52360FB88704F804531C74D86675DF3CD0058B00
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: faa2ca465b1c1970269326dcf1c78b8349ff48af99e3bd989f5bac77709a1603
                                                                                                                                                                • Instruction ID: d962b35e9d2d479002c025ad46bb09178eeb52c9b69e9348144bf34284bce8e5
                                                                                                                                                                • Opcode Fuzzy Hash: faa2ca465b1c1970269326dcf1c78b8349ff48af99e3bd989f5bac77709a1603
                                                                                                                                                                • Instruction Fuzzy Hash: 00D09222F5A64B51FF646675583AABA21801F087B0E5C0B30E93D447DFAE1CA441B12B
                                                                                                                                                                APIs
                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF6BF1A53A9,?,?,00000000,00007FF6BF19FDE3,?,?,?,00007FF6BF19F867,?,?,?,00007FF6BF19F75D), ref: 00007FF6BF1A087E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3648039115.00007FF6BEFC1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF6BEFC0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ff6befc0000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                • Opcode ID: afa36db0b1c0426ef238510569de8cfb9ce05aa8ed4d70af3096684486d0051d
                                                                                                                                                                • Instruction ID: 06522a3f99ffe3568ef52cae1bb63a023931ee19b3dd5191614fce27544e0808
                                                                                                                                                                • Opcode Fuzzy Hash: afa36db0b1c0426ef238510569de8cfb9ce05aa8ed4d70af3096684486d0051d
                                                                                                                                                                • Instruction Fuzzy Hash: 5AF05820E0920385FA6967FE694027913C85F847E0F088E78DF3EC62F2DF2CA54942A4
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Version$ClassCursorLoadObjectRegisterStock
                                                                                                                                                                • String ID: (@$-HTMLAYOUT-POPUP$-HTMLAYOUT-TOOL$HTMLAYOUT$HTMLAYOUT-POPUP$HTMLAYOUT-TOOL$P
                                                                                                                                                                • API String ID: 2620246556-1650735011
                                                                                                                                                                • Opcode ID: dca2c2cd1858a8d38724b748f2889dec79b4343741c257d05c29589acb2755f0
                                                                                                                                                                • Instruction ID: 7380c10e4df52819aded58ea1e27311a191d8142e6d93383374aa796df04ff29
                                                                                                                                                                • Opcode Fuzzy Hash: dca2c2cd1858a8d38724b748f2889dec79b4343741c257d05c29589acb2755f0
                                                                                                                                                                • Instruction Fuzzy Hash: 1B122232F1C75286F7708B14E460AB973E5FB95348F100135E6AD86AECDF6CE581AB06
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$Long$Rect$Client$FillObjectParentStock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 116929244-0
                                                                                                                                                                • Opcode ID: 3e69c870c6a28c31e8236963f1f213f102389d2540a8f9a713659caacc573e1d
                                                                                                                                                                • Instruction ID: 34a73268b3df63739c1ba9db5e22256ae490922b55cf56b5a9e6e22146add859
                                                                                                                                                                • Opcode Fuzzy Hash: 3e69c870c6a28c31e8236963f1f213f102389d2540a8f9a713659caacc573e1d
                                                                                                                                                                • Instruction Fuzzy Hash: 16125E32B14B828AEB10CF65D8606BC7761FB99B88F049235DE6E47B98DF38E541D305
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AsyncState$Timer$Kill$ClickDoubleTime
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1542649206-0
                                                                                                                                                                • Opcode ID: b7bc70de738e38aa0d9bdec1a8f0b783b5acbf8cf6aafc6f35ba69ba90938c0a
                                                                                                                                                                • Instruction ID: 52425036876e9bf3385ca0dbbfab564f6866b6196d458d0230408b67cc513edb
                                                                                                                                                                • Opcode Fuzzy Hash: b7bc70de738e38aa0d9bdec1a8f0b783b5acbf8cf6aafc6f35ba69ba90938c0a
                                                                                                                                                                • Instruction Fuzzy Hash: BD915F36B18A4186EF108B65E86566D73A1FF48B94F004536CE6E4B7A8DF3CE4429345
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Global$Clipboard$AllocByteCharDataLockMultiUnlockWide$CloseOpen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2505041382-0
                                                                                                                                                                • Opcode ID: a1a8d5105fa335b4da135ec4fab4c9fc27a8f0e68b10a265222f39e71d84bd9d
                                                                                                                                                                • Instruction ID: ad3a5040d66427802238d4d88b2e2962c778c1cfd8e19d750d0ceb861049e9af
                                                                                                                                                                • Opcode Fuzzy Hash: a1a8d5105fa335b4da135ec4fab4c9fc27a8f0e68b10a265222f39e71d84bd9d
                                                                                                                                                                • Instruction Fuzzy Hash: 84418B76B09B8286EB108B12E465669B7A0FF49BD0F044035DE9E0B7E8DF3CE451D706
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                • Opcode ID: d50ba2b3d08042b95fb5676ad44282ad009feb2c2db3e1e9b420209ead40d217
                                                                                                                                                                • Instruction ID: f57adcc5100570fee513337cdaaa05024aabf3a80974598d0065d232100aa0c3
                                                                                                                                                                • Opcode Fuzzy Hash: d50ba2b3d08042b95fb5676ad44282ad009feb2c2db3e1e9b420209ead40d217
                                                                                                                                                                • Instruction Fuzzy Hash: DD315D32718B8196EB60CF25E850BAE73A5FB88754F500136EAAD47B98DF38C546CB05
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalLeaveNtdllProc_SectionWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1010420636-0
                                                                                                                                                                • Opcode ID: a67d7924876490a86e0a0cfe7bc1e821c7b8c34d6ff2d522842c643d97f75189
                                                                                                                                                                • Instruction ID: 41ba215e6a4cd620d821a1f1063c8a161862dd922e925885c43188a2e83b6a98
                                                                                                                                                                • Opcode Fuzzy Hash: a67d7924876490a86e0a0cfe7bc1e821c7b8c34d6ff2d522842c643d97f75189
                                                                                                                                                                • Instruction Fuzzy Hash: 2DF08C26B05A4886EB129F25E960A69A761FF45FA9F414432CE1D07BA8CF38D486A305
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: NtdllProc_Window
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4255912815-0
                                                                                                                                                                • Opcode ID: a39e82baec6e8d0236d6995b8afc6a1b016ed468e5590105754d8679da63df3f
                                                                                                                                                                • Instruction ID: f80247efb2d6da039eb6fedcfdead1245888defc05177e70222cb63bb1293f87
                                                                                                                                                                • Opcode Fuzzy Hash: a39e82baec6e8d0236d6995b8afc6a1b016ed468e5590105754d8679da63df3f
                                                                                                                                                                • Instruction Fuzzy Hash: 97314B6370E7D04BE7034F35582529D3F719792B54F9AC4A6DBC587383DA2C485AC712
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: NtdllProc_Window
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4255912815-0
                                                                                                                                                                • Opcode ID: f733d7b0e43939f45a5e55e0cf02acc3c64302366a67dc4218db3f6914515abe
                                                                                                                                                                • Instruction ID: e0d67d1c6eb0cfb2ced72c7d9b7deac5d9a64b90b84b13544b9d2c4bac8e312c
                                                                                                                                                                • Opcode Fuzzy Hash: f733d7b0e43939f45a5e55e0cf02acc3c64302366a67dc4218db3f6914515abe
                                                                                                                                                                • Instruction Fuzzy Hash: 9A119422A1874587EF608B19B19066E62D2FBC57C8F500135EB8843B9DCF3CD8919B45
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
• Associated: 00000007.00000002.3649200891.00007FFDF8450000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3649597766.00007FFDF875A000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3649690618.00007FFDF8802000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3649732088.00007FFDF8803000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3649812910.00007FFDF8804000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3649854311.00007FFDF8805000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3649893545.00007FFDF8806000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3649946216.00007FFDF8809000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3649982672.00007FFDF880F000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3650085832.00007FFDF8813000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: NtdllProc_Window
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4255912815-0
                                                                                                                                                                • Opcode ID: 5a356ff185262853064fa028fa0dc5b58fd1261824d8097364697b11f14a2e57
                                                                                                                                                                • Instruction ID: a6173ca1f1e25a78a321eddfbe282e107510201d660e923dfe19d1bf6c1cf039
                                                                                                                                                                • Opcode Fuzzy Hash: 5a356ff185262853064fa028fa0dc5b58fd1261824d8097364697b11f14a2e57
                                                                                                                                                                • Instruction Fuzzy Hash: E2119E22A1874587EB608B29B190A6EA3D1FB89788F500135FB8843B9DCF3CD5919B45
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: NtdllProc_Window
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4255912815-0
                                                                                                                                                                • Opcode ID: 2baa6eb96bfa72c2706d9de375f3d969ecb80cf54a79763b0e48b37a2784e6f3
                                                                                                                                                                • Instruction ID: e3f555b42d2abdd288be563fac00b01eb1ed47dde32787a5fa8f5cf9d9451e51
                                                                                                                                                                • Opcode Fuzzy Hash: 2baa6eb96bfa72c2706d9de375f3d969ecb80cf54a79763b0e48b37a2784e6f3
                                                                                                                                                                • Instruction Fuzzy Hash: 0DF0F433B187408AE7009B12F85496977A9EB98BD0F684135EE5D07368DF38E892CB00
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ClientLongRectWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 960404090-0
                                                                                                                                                                • Opcode ID: 65b2dd5ef3058c479f93bbf33374950053748c74e94e7b4f9a9d29cca74bfb18
                                                                                                                                                                • Instruction ID: 4ecd4e42f2aab452c3335a47958cb8ca4b6a6fe82ed05243ed7e650905bc1b19
                                                                                                                                                                • Opcode Fuzzy Hash: 65b2dd5ef3058c479f93bbf33374950053748c74e94e7b4f9a9d29cca74bfb18
                                                                                                                                                                • Instruction Fuzzy Hash: 73F058B2A18B84CADB40CF40E084A0EB7A4F7943A4F200135EB9C03758CB78D5A5CF84
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ClientLongRectWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 960404090-0
                                                                                                                                                                • Opcode ID: 23c6f1a1c7a214638f78fc7cb8363fb6d62061bf4068619fc65ca9dd7cf65116
                                                                                                                                                                • Instruction ID: 27ce538b48d4e0a23adfa7144c1fcc7474d0abfc1d5ad4a904dbea842dd55eba
                                                                                                                                                                • Opcode Fuzzy Hash: 23c6f1a1c7a214638f78fc7cb8363fb6d62061bf4068619fc65ca9dd7cf65116
                                                                                                                                                                • Instruction Fuzzy Hash: 8FF05872A18B84CACB00CF40E084A0EB7A4F7943A8F200135EB9C03758CB78D5A6CF84
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8be2ce682c5ca2b17a8885727f63a7270026a404a266b64236438d4a8396ac7b
                                                                                                                                                                • Instruction ID: 400e49648809cb6a1922f52af1334781777a5058325c81ec2d4500dd0a425c8e
                                                                                                                                                                • Opcode Fuzzy Hash: 8be2ce682c5ca2b17a8885727f63a7270026a404a266b64236438d4a8396ac7b
                                                                                                                                                                • Instruction Fuzzy Hash: 48F08C72A18B84CAC700CF40E084A0EB7B4F785394F204136EBAC03B58CB78D5A5CF44
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$Version$LibraryLoad
                                                                                                                                                                • String ID: A$CloseThemeData$DrawThemeBackground$DrawThemeText$GetThemeBackgroundContentRect$GetThemeInt$GetThemePartSize$IsThemeBackgroundPartiallyTransparent$OpenThemeData$SetWindowTheme$UXTHEME.DLL
                                                                                                                                                                • API String ID: 29192645-1228588308
                                                                                                                                                                • Opcode ID: 75c69dca568c91c2c39d089a2145e7b9fffd61a2c421d3e2eb14cb6f2e993663
                                                                                                                                                                • Instruction ID: e734cc8a2b8407146b278b4dd3945256b02c176c8a52f043d16809dc749e6808
                                                                                                                                                                • Opcode Fuzzy Hash: 75c69dca568c91c2c39d089a2145e7b9fffd61a2c421d3e2eb14cb6f2e993663
                                                                                                                                                                • Instruction Fuzzy Hash: 16A11225F1CB4296FB60CB10B8B4BB963A1BF95344F010236D57D822E8DF6CE585A70A
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$CriticalSection$Rect$EnterLeaveLong$ClassClientCursorLoadObjectRegisterStockVersion$AdjustCreateDesktopParentText
                                                                                                                                                                • String ID: title
                                                                                                                                                                • API String ID: 2376530372-724990059
                                                                                                                                                                • Opcode ID: 74695c080d5c9dabdc48a0f99bc9091c70d9cd2aa35611b947072ff467a12ced
                                                                                                                                                                • Instruction ID: c36c4fa809696efcce5beedae89d0c239d8b43e4c6c95f6a8d866f23f0163a0e
                                                                                                                                                                • Opcode Fuzzy Hash: 74695c080d5c9dabdc48a0f99bc9091c70d9cd2aa35611b947072ff467a12ced
                                                                                                                                                                • Instruction Fuzzy Hash: 9DF1BF32B086028AEB14DF25E464AADB7A2FB48B88B404535DE2E57BDCDF3CE505D345
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Select$Delete$ReleaseRestoreStock$AlignRectScrollTextValidate
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3282784917-0
                                                                                                                                                                • Opcode ID: 1427557c10721f8ead673bcfe2e378cbc7c7a8a4f5d4325f2ad2acc176e51489
                                                                                                                                                                • Instruction ID: b9d75250712c7cf77a897255a3df5f7039263400aa3a52fdab1a0c6f721d9dff
                                                                                                                                                                • Opcode Fuzzy Hash: 1427557c10721f8ead673bcfe2e378cbc7c7a8a4f5d4325f2ad2acc176e51489
                                                                                                                                                                • Instruction Fuzzy Hash: 3D328D36B18A818AEB10CF25D8646AD77B1FB88B88F048136DF5D07BA8CF38D545DB45
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Color$Object$BrushText$CreateDeleteSelect$BitmapPattern
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 800347078-0
                                                                                                                                                                • Opcode ID: 4193f621a6b04f043c78ebd3a3fc9499ef1d187408a6ffba44af1accb25feb24
                                                                                                                                                                • Instruction ID: dad8d88b63aac3ed07e9b201bfd29c675eec32254375bdbb52d3208a71259acd
                                                                                                                                                                • Opcode Fuzzy Hash: 4193f621a6b04f043c78ebd3a3fc9499ef1d187408a6ffba44af1accb25feb24
                                                                                                                                                                • Instruction Fuzzy Hash: 9D516936B14A908ADB01CF22E869E2ABB75FF89BD4B118031DE5E47758DF39D486C704
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ObjectViewport$CompatibleCreateModeSelectWindow$BeginBitmapClientPaintRectStock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3586948744-0
                                                                                                                                                                • Opcode ID: e7800f3404ee7cfba3a0227d07f66544f585e4bae452b07fa9e28b53aced8ab6
                                                                                                                                                                • Instruction ID: f8396e15203a026a593e63393eb40fd61a1211c05ec202405e19b334eb24b9f9
                                                                                                                                                                • Opcode Fuzzy Hash: e7800f3404ee7cfba3a0227d07f66544f585e4bae452b07fa9e28b53aced8ab6
                                                                                                                                                                • Instruction Fuzzy Hash: 5951F636B48A4186DB10CF25E866B6977A0FB88F88F448135CE9D4B76CDF38D885DB41
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$MessageSendViewport$ClipLayoutLongParentPointsRectRestoreSave
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1374418031-0
                                                                                                                                                                • Opcode ID: e44635f4067a275b0f6494861802cd1ea4e0d5330f7de745f1955e2869e7770d
                                                                                                                                                                • Instruction ID: 003a714f594fd1bc3b4ce7add57c2e2a81c92f4786d65203f7268db22c98ef98
                                                                                                                                                                • Opcode Fuzzy Hash: e44635f4067a275b0f6494861802cd1ea4e0d5330f7de745f1955e2869e7770d
                                                                                                                                                                • Instruction Fuzzy Hash: D7316D3270864186E7208F25F825A6AB761FF89B84F444230DE9E07B9CCF3CE5469B05
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Cursor$Load
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1675784387-3916222277
                                                                                                                                                                • Opcode ID: 54e6e24cf99ec81fc7fdc432efb11c995f3f5f992107ba06b05eab6533c5b76a
                                                                                                                                                                • Instruction ID: 759fa56b6c7a4b71be56f6a207a25895a86f1c1e1c678b2356123641b6fa1476
                                                                                                                                                                • Opcode Fuzzy Hash: 54e6e24cf99ec81fc7fdc432efb11c995f3f5f992107ba06b05eab6533c5b76a
                                                                                                                                                                • Instruction Fuzzy Hash: DAA14F31F18A428AFB25CB10E4B5ABD23A2AF54744F104135C92D4A6ECEF2CF585F35A
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$CapsDeviceReleaseSelect$EnumFamiliesFontMetricsText
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4007977802-0
                                                                                                                                                                • Opcode ID: 5f6f0503ee1a1776def36467b6cc99a924c404ca3f9373fa61b7bdceafa82f90
                                                                                                                                                                • Instruction ID: ff4c346f495115813b97d134bc5702f4e6886914355c93dc981758dda25f832c
                                                                                                                                                                • Opcode Fuzzy Hash: 5f6f0503ee1a1776def36467b6cc99a924c404ca3f9373fa61b7bdceafa82f90
                                                                                                                                                                • Instruction Fuzzy Hash: 93913332B0978286EB108B21E468A79BBA2FB89BC0F444135DA6D877D8DF3CE441D705
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$ByteCharCloseHandleMultiViewWide$FlushPointerUnmap
                                                                                                                                                                • String ID: Could not flush memory to disk.
                                                                                                                                                                • API String ID: 3763602750-1683962931
                                                                                                                                                                • Opcode ID: dd0f2217c8549ecf15ff61d9df49c35841032012cd41915c318d4ace93311c45
                                                                                                                                                                • Instruction ID: 649a68a13375c8e4a1a2c3a20d5519369ad3e477cd64980ea6205035d8f28979
                                                                                                                                                                • Opcode Fuzzy Hash: dd0f2217c8549ecf15ff61d9df49c35841032012cd41915c318d4ace93311c45
                                                                                                                                                                • Instruction Fuzzy Hash: 7B419332B0465285EB519F21A924B79ABA1BF44FA8F084234CD3E577DDCE7CE8469309
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FFDF863BA6C: CreateFileW.KERNEL32 ref: 00007FFDF863BAC0
                                                                                                                                                                  • Part of subcall function 00007FFDF863BA6C: GetFileSize.KERNEL32 ref: 00007FFDF863BAD4
                                                                                                                                                                  • Part of subcall function 00007FFDF863BA6C: CreateFileMappingA.KERNEL32 ref: 00007FFDF863BB11
                                                                                                                                                                • FlushViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF84F6B4B
                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF84F6B64
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF84F6B72
                                                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF84F6B94
                                                                                                                                                                • SetEndOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF84F6B9D
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF84F6BA6
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CloseCreateHandleView$FlushMappingPointerSizeUnmap
                                                                                                                                                                • String ID: Could not flush memory to disk.$file://%s
                                                                                                                                                                • API String ID: 409709207-3906887048
                                                                                                                                                                • Opcode ID: b0b92ccbc59e9aef65f3d7d1aa68c7c9c4c805aaa05ad689f6f1af1bb0b80a6b
                                                                                                                                                                • Instruction ID: 1c69f84eeddec09f278b0586a2b00ee3bef5cc7af7ae45d0a5bfec77065147a6
                                                                                                                                                                • Opcode Fuzzy Hash: b0b92ccbc59e9aef65f3d7d1aa68c7c9c4c805aaa05ad689f6f1af1bb0b80a6b
                                                                                                                                                                • Instruction Fuzzy Hash: FA91A032F18A8286FB109B61E5609FD3376AB55B98F404235DE2D17ADDDF38E802D309
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Select$AddressCompatibleCreateDeleteLibraryLoadProc
                                                                                                                                                                • String ID: AlphaBlend$Msimg32.dll
                                                                                                                                                                • API String ID: 1553575486-1584225664
                                                                                                                                                                • Opcode ID: fa080bd3f348bdc9768bc887b5b335543963266cd3f123a7aa1efb98c217684d
                                                                                                                                                                • Instruction ID: dc9ef4eb4b39e8e87100c335bcf7440d3f8417cf9bf414556bc913cd661c0f30
                                                                                                                                                                • Opcode Fuzzy Hash: fa080bd3f348bdc9768bc887b5b335543963266cd3f123a7aa1efb98c217684d
                                                                                                                                                                • Instruction Fuzzy Hash: 37A19F33B187858AE710CF29E854AAD7BA5FB88B84F114035DE5D13BA8CF38E841DB45
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$SelectStock$AlignModeText
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 120275662-0
                                                                                                                                                                • Opcode ID: 6b74b9da204ba8fd895e6ec8865797b612de59ad64470ee792e086b9ec6d16f5
                                                                                                                                                                • Instruction ID: 04fe5073a6fb93e329bf4a6b3b55b850427a968ad8010353e07089d3c5b39c4a
                                                                                                                                                                • Opcode Fuzzy Hash: 6b74b9da204ba8fd895e6ec8865797b612de59ad64470ee792e086b9ec6d16f5
                                                                                                                                                                • Instruction Fuzzy Hash: A621E676A08B4582EB048F21E469629B7A1FB88F58F048039CE5E4B7A8DF3DD885D745
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CloseHandleView$FlushPointerUnmap
                                                                                                                                                                • String ID: Could not flush memory to disk.
                                                                                                                                                                • API String ID: 519454899-1683962931
                                                                                                                                                                • Opcode ID: b73d4358ac55d620ab06e3cfeccbdfeac97a7d0ad169101e85d176b48f05745d
                                                                                                                                                                • Instruction ID: 128e94f624028ce7618bec9073cbca81823a1e8b48f82941ba742edd88df8704
                                                                                                                                                                • Opcode Fuzzy Hash: b73d4358ac55d620ab06e3cfeccbdfeac97a7d0ad169101e85d176b48f05745d
                                                                                                                                                                • Instruction Fuzzy Hash: EB31A221B09A4245FF519F219874B78B6A2BF45FA4F080031CD2E477ECCE7CE842A309
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CloseHandleView$FlushPointerUnmap
                                                                                                                                                                • String ID: Could not flush memory to disk.
                                                                                                                                                                • API String ID: 519454899-1683962931
                                                                                                                                                                • Opcode ID: a59a20a507ae7d696e26f6fdb1f73b74851a39b21b555b9cc5a542ded406c25b
                                                                                                                                                                • Instruction ID: e23b27c6c6ad61a1269c2c812a490fbb667af87311d349018ec07e7ac7fec3f0
                                                                                                                                                                • Opcode Fuzzy Hash: a59a20a507ae7d696e26f6fdb1f73b74851a39b21b555b9cc5a542ded406c25b
                                                                                                                                                                • Instruction Fuzzy Hash: A7212C72B0894691EB24CF24D4A5B386361EF58B58F144235CA6E4A2DCCF7CD8D5D38A
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Select$DeleteStock$AlignText$CompatibleCreateModeRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3369458553-0
                                                                                                                                                                • Opcode ID: d4e03a82a6d195a1ebcbc5fca189977f84f5d517c1789bb7b2143fcf13318719
                                                                                                                                                                • Instruction ID: 652ee6fdf9b079b6eab9b56957b1454bc490d608983a1c7d317d1ec0a7c9cf72
                                                                                                                                                                • Opcode Fuzzy Hash: d4e03a82a6d195a1ebcbc5fca189977f84f5d517c1789bb7b2143fcf13318719
                                                                                                                                                                • Instruction Fuzzy Hash: 43915073A19B818AE740CF64E4507AEBBB1F784798F105225EA9D53B9CDF78E481CB04
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Select$Stock$AlignDeleteText$ModeRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3346625119-0
                                                                                                                                                                • Opcode ID: 4ccd0a9173114f9239970e019711b96349d5cac11e4528948eb2e45e43f250d1
                                                                                                                                                                • Instruction ID: 1d3e206b094bb53c4ba88d0dcfac442e12292e8a29a4ec9a9352056f3892f016
                                                                                                                                                                • Opcode Fuzzy Hash: 4ccd0a9173114f9239970e019711b96349d5cac11e4528948eb2e45e43f250d1
                                                                                                                                                                • Instruction Fuzzy Hash: E7817C32B19B818AE700CF65E45066EB7B1FB88758F004235EE9E57B98DF78D485DB04
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileTemp$CursorFromLoadNamePath
                                                                                                                                                                • String ID: cur$wb+
                                                                                                                                                                • API String ID: 2710153881-2052460546
                                                                                                                                                                • Opcode ID: 04cc80c84db864875c7b023370f33a6e0518fac3f7f97c7bf57aed76f34358cc
                                                                                                                                                                • Instruction ID: 86444a61684bd16a141bc0a04bad83c9cd86c7c10f94055b426ec59952739995
                                                                                                                                                                • Opcode Fuzzy Hash: 04cc80c84db864875c7b023370f33a6e0518fac3f7f97c7bf57aed76f34358cc
                                                                                                                                                                • Instruction Fuzzy Hash: 3A718F72B09A8296EB20DF10E561ABC63A2BF44B94F444131DA6D0B6DCDF3CE945E316
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: DISPLAY
                                                                                                                                                                • API String ID: 0-865373369
                                                                                                                                                                • Opcode ID: e89a10e3b25d851e65203a3a7f830cc55991e84142be60b1ee572a5089cddad4
                                                                                                                                                                • Instruction ID: fa23dc68a4e7ea6aa147a1e88b13ca028d5c2dab696416b37544c4ccc6c8e80b
                                                                                                                                                                • Opcode Fuzzy Hash: e89a10e3b25d851e65203a3a7f830cc55991e84142be60b1ee572a5089cddad4
                                                                                                                                                                • Instruction Fuzzy Hash: 6F615E32B186858AEB54CF25E450AADB7A1FB84748F048036EA5D47B9CDF3CE905DB05
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: KillTimer$ClickCountCtrlDoubleMessageParentSendTickTime
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4083620262-0
                                                                                                                                                                • Opcode ID: 9e4e0e83d3e7de2e13254588f9f5a4d96801111bcbeb4be814ffbbbed9fa04b2
                                                                                                                                                                • Instruction ID: 0ec82316522bd332171a34887546d5eb3043b05a69d5829e123ff76976722966
                                                                                                                                                                • Opcode Fuzzy Hash: 9e4e0e83d3e7de2e13254588f9f5a4d96801111bcbeb4be814ffbbbed9fa04b2
                                                                                                                                                                • Instruction Fuzzy Hash: 8E417F32B08B8697DB188F21E564A6DB3A1FF88B94F100135EA6E47798CF3CE455CB05
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$Value$EnterHookUnhookWindows
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1904704018-0
                                                                                                                                                                • Opcode ID: a42918b994e04d5e58e57aaafaa0fc39e551de2d39d8394ed08774b79015c5f9
                                                                                                                                                                • Instruction ID: e9e61ef536baa56514a68d0801e6aea7b93e6bed7732cd8a29215c354c01800d
                                                                                                                                                                • Opcode Fuzzy Hash: a42918b994e04d5e58e57aaafaa0fc39e551de2d39d8394ed08774b79015c5f9
                                                                                                                                                                • Instruction Fuzzy Hash: E3317026B45A4982EB059B25E975A3CB3A1FF45F95B054031CD2E0B7A9CF3CD446E309
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateObjectSelect$CompatibleDeleteSection
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1921846281-3916222277
                                                                                                                                                                • Opcode ID: 2cc848c76c38cfa63847058d6e391336b4ecb31067088132384027aee3343cd3
                                                                                                                                                                • Instruction ID: d3db7d4bbf80006d0b6822bd14575c648e6aff80990827f51ef7b3c3a31b1923
                                                                                                                                                                • Opcode Fuzzy Hash: 2cc848c76c38cfa63847058d6e391336b4ecb31067088132384027aee3343cd3
                                                                                                                                                                • Instruction Fuzzy Hash: A22159327187908AD714CF69E459E6DB7A4FB89B90F028035DE5D43B58EF38D486CB04
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$DeleteSelectStock$Restore
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1965476268-0
                                                                                                                                                                • Opcode ID: c7112bbd8ad19d664cd3d4ce59dd28258f2cc1bd6aed3929f198b13fe1b86dbc
                                                                                                                                                                • Instruction ID: cfb4214301266decea4cf32aab5bd11cdba99148c175f0da9b3b04233989d5a0
                                                                                                                                                                • Opcode Fuzzy Hash: c7112bbd8ad19d664cd3d4ce59dd28258f2cc1bd6aed3929f198b13fe1b86dbc
                                                                                                                                                                • Instruction Fuzzy Hash: BC21F136B0964282EF149F11E465A29B7A1EF88F85F044039DE5D4739CDF3DD881E745
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Select$Delete$AlignReleaseText
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2724912489-0
                                                                                                                                                                • Opcode ID: ce7877d45820e50833c6ac42c57d90047f6bf82d145e7fc81f96e98d8d0d7241
                                                                                                                                                                • Instruction ID: 64c538dbd88085617786248b3dc6f22357b016df7012a8eff1ba058459fdb724
                                                                                                                                                                • Opcode Fuzzy Hash: ce7877d45820e50833c6ac42c57d90047f6bf82d145e7fc81f96e98d8d0d7241
                                                                                                                                                                • Instruction Fuzzy Hash: BE21E676B04A4582DB508F25D465729B7A1FB88F88F088035CE5E4B7ACDF3CD88AD745
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ClipboardFormatRegister
                                                                                                                                                                • String ID: English$HTMLayoutTransferFocus$HTMLayoutWhois$lf'
                                                                                                                                                                • API String ID: 1228543026-3013438658
                                                                                                                                                                • Opcode ID: babbb48c047d623e1600ab29f5d925753b8cf4cf030b367df3eafaa86ec292f3
                                                                                                                                                                • Instruction ID: b438273ef72ef47f449a014f3bdf82c88a4245b602fc24e8fb1537d8b3957a35
                                                                                                                                                                • Opcode Fuzzy Hash: babbb48c047d623e1600ab29f5d925753b8cf4cf030b367df3eafaa86ec292f3
                                                                                                                                                                • Instruction Fuzzy Hash: DB113030F4AB82C0FB65DB50A870BB83391AF41B58F545036CA2E472DDDF2D6841A30A
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Select$CreateDeleteFont
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1981917228-0
                                                                                                                                                                • Opcode ID: f3e4b9460282a46d70cf9adcfeb2039f1ef2d95b67c44a3e2a8a11c9a72658ae
                                                                                                                                                                • Instruction ID: 1c3b38b7c9912586b74486ea1712cd938becf4a9a84e47cc930175eaec4e7035
                                                                                                                                                                • Opcode Fuzzy Hash: f3e4b9460282a46d70cf9adcfeb2039f1ef2d95b67c44a3e2a8a11c9a72658ae
                                                                                                                                                                • Instruction Fuzzy Hash: 9F816BB2704A8186DB14CF25D060A6D7BB2FB89F88B105235DE6D4B799DF38E841CB45
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeaveLongWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1534508445-0
                                                                                                                                                                • Opcode ID: d66463540d52fbaa08f2269b6b5924802fb9e93966dc9a464f373c4299f1e823
                                                                                                                                                                • Instruction ID: d8459eda72fefe991cd91637ddc46e95e8666921ebe946480dd464df12ed3053
                                                                                                                                                                • Opcode Fuzzy Hash: d66463540d52fbaa08f2269b6b5924802fb9e93966dc9a464f373c4299f1e823
                                                                                                                                                                • Instruction Fuzzy Hash: 6B516822B45B8193DB09CB25EAA46ACB7A8FF45B40F404035CB6D177A5DF38A136E309
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$Concurrency::cancel_current_taskDestroyParentUpdate
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2364769541-0
                                                                                                                                                                • Opcode ID: 84006ea7a46b469e9a9fc6f157db765d622cb77304bb2bfb2e72d4aaa374a56a
                                                                                                                                                                • Instruction ID: cfcb204a36f9e4d22b384da4cafbcf9a5ce42fe9193d6307e8894227c4cd7921
                                                                                                                                                                • Opcode Fuzzy Hash: 84006ea7a46b469e9a9fc6f157db765d622cb77304bb2bfb2e72d4aaa374a56a
                                                                                                                                                                • Instruction Fuzzy Hash: E2414936B19B8682EF148F15E860A29B3A5FF89F80F154031DAAD477A8CF3CD406D705
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Timer$ClickClientCriticalDoubleLeaveLongScreenSectionTimeWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3215539043-0
                                                                                                                                                                • Opcode ID: 73618138e51436ca7ae3cbcba2d907d386295a873e6ebe18a6ffc502ab9ade28
                                                                                                                                                                • Instruction ID: d336bf29a2b8dff1a356d3cb212dff8936d396bc949b671de771b23166b2c046
                                                                                                                                                                • Opcode Fuzzy Hash: 73618138e51436ca7ae3cbcba2d907d386295a873e6ebe18a6ffc502ab9ade28
                                                                                                                                                                • Instruction Fuzzy Hash: 8741AF32B046858BDB58CF24D5A4A6EB7A5FB48B84F014132DF2D477A8CF38E856D704
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AsyncState$KillTimer$ClickClientCountCriticalDoubleLeaveScreenSectionTickTime
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2332058121-0
                                                                                                                                                                • Opcode ID: eb766e8acca3439d53420ca13729184efe45f6031f7edc001b21688ab818ce8d
                                                                                                                                                                • Instruction ID: 6b19b9366d0e5e7730cb6e0d70160a250074f1094de27bcfb726f1020fd61c41
                                                                                                                                                                • Opcode Fuzzy Hash: eb766e8acca3439d53420ca13729184efe45f6031f7edc001b21688ab818ce8d
                                                                                                                                                                • Instruction Fuzzy Hash: 62319C36B44A4587EB19CF25D5A467DB3A1FF88B94F004532CA2E4B7A8CF38E456D305
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.3649200891.00007FFDF8450000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649597766.00007FFDF875A000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649690618.00007FFDF8802000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649732088.00007FFDF8803000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649812910.00007FFDF8804000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649854311.00007FFDF8805000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649893545.00007FFDF8806000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649946216.00007FFDF8809000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649982672.00007FFDF880F000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3650085832.00007FFDF8813000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AsyncState$ClickDoubleTime$ClientCountCriticalLeaveScreenSectionTickTimer
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1680461691-0
                                                                                                                                                                • Opcode ID: 5898837dbd1c530e901a56689a693911186bb106a95ddecfe80104208d7871cd
                                                                                                                                                                • Instruction ID: 92138c57534247fba5cce83e6678a0b56510fa42179db40faf3403fdedf32135
                                                                                                                                                                • Opcode Fuzzy Hash: 5898837dbd1c530e901a56689a693911186bb106a95ddecfe80104208d7871cd
                                                                                                                                                                • Instruction Fuzzy Hash: 84318E32B4468587DB09CF25E965B6CB7A1FF48B84F014036CA2D4B7A8DF38E456D708
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509C95
                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL ref: 00007FFDF8509CD6
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509CE8
                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL ref: 00007FFDF8509D1C
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509D34
                                                                                                                                                                • Sleep.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509D3F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeave$EventSleep
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2153927836-0
                                                                                                                                                                • Opcode ID: 14a5285f25157143b16b5cbfab45d6ae2c043b77e3b06e13389ec8df90a851ce
                                                                                                                                                                • Instruction ID: dd9def743e070791f5df2e85c0680c8e6c89bf75c630c7d88abc24fa92fdb2de
                                                                                                                                                                • Opcode Fuzzy Hash: 14a5285f25157143b16b5cbfab45d6ae2c043b77e3b06e13389ec8df90a851ce
                                                                                                                                                                • Instruction Fuzzy Hash: EF210836745A8683DB118F25E465B2AB7B0FB84B80F484031CBAE47BA8DF3CE445D745
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FFDF8712061,?,?,?,?,00007FFDF872A50A,?,?,00000000,00007FFDF8719A8F,?,?,?), ref: 00007FFDF87208FB
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDF8712061,?,?,?,?,00007FFDF872A50A,?,?,00000000,00007FFDF8719A8F,?,?,?), ref: 00007FFDF8720931
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDF8712061,?,?,?,?,00007FFDF872A50A,?,?,00000000,00007FFDF8719A8F,?,?,?), ref: 00007FFDF872095E
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDF8712061,?,?,?,?,00007FFDF872A50A,?,?,00000000,00007FFDF8719A8F,?,?,?), ref: 00007FFDF872096F
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDF8712061,?,?,?,?,00007FFDF872A50A,?,?,00000000,00007FFDF8719A8F,?,?,?), ref: 00007FFDF8720980
                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FFDF8712061,?,?,?,?,00007FFDF872A50A,?,?,00000000,00007FFDF8719A8F,?,?,?), ref: 00007FFDF872099B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                • Opcode ID: 12542120e6f50c63ab26e5ddec8c41dd7d9166dad7c60bf523bd9b84eeb0129f
                                                                                                                                                                • Instruction ID: ff90d29816e0815403a5e8cd9ef650086e72e9b8d405fde911fa549e323dfa6e
                                                                                                                                                                • Opcode Fuzzy Hash: 12542120e6f50c63ab26e5ddec8c41dd7d9166dad7c60bf523bd9b84eeb0129f
                                                                                                                                                                • Instruction Fuzzy Hash: 90119A20B8824242FB95A7216571A79F2426F547B0F440738EDBE076DEEE6CF441AB1B
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ClickDoubleFocusTime$CountTickTimer
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4271707189-0
                                                                                                                                                                • Opcode ID: c19cbb4b9da62d9f153ee1cdb27c6d7f83590c80cb4fea88dc43f10c8e5efc51
                                                                                                                                                                • Instruction ID: c53e5df5ce529c7d70a31e865112e5f4d6b9e917e618722826b3f68493312f89
                                                                                                                                                                • Opcode Fuzzy Hash: c19cbb4b9da62d9f153ee1cdb27c6d7f83590c80cb4fea88dc43f10c8e5efc51
                                                                                                                                                                • Instruction Fuzzy Hash: A6216972B0878597DB08CF25E598A6DB7A0FB88B80F048135DB9947758CF3CE4668B44
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Clipboard$CloseEmptyFormatOpenRegister
                                                                                                                                                                • String ID: HTML Format
                                                                                                                                                                • API String ID: 2398088879-1098232656
                                                                                                                                                                • Opcode ID: ce927c0543dde8b722540e270525681260c9a0d05d59d3d81afd01d5a694ebe7
                                                                                                                                                                • Instruction ID: a3418233d3f1e7170185f2b0cc2b2bff3b25f7794fe2ed455c9fc818f0d6dacd
                                                                                                                                                                • Opcode Fuzzy Hash: ce927c0543dde8b722540e270525681260c9a0d05d59d3d81afd01d5a694ebe7
                                                                                                                                                                • Instruction Fuzzy Hash: A541213AB15B558AEB00CF65E8A05AC73B4FF48B88B044536DE6D47BA8CF38D451D345
                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDF8459D69), ref: 00007FFDF845DBEB
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDF8459D69), ref: 00007FFDF845DC44
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                • String ID: image/gif$image/jpeg$image/png
                                                                                                                                                                • API String ID: 626452242-935766689
                                                                                                                                                                • Opcode ID: 7fd1572a6cb2c2d8c0b115c3fe3e3a3e59b1a8ee89d55d1b05b19f59e746df8f
                                                                                                                                                                • Instruction ID: c4b784e7a495125792574d6b0cf7d51264396ffdec360208a95cb0dbde68dd7b
                                                                                                                                                                • Opcode Fuzzy Hash: 7fd1572a6cb2c2d8c0b115c3fe3e3a3e59b1a8ee89d55d1b05b19f59e746df8f
                                                                                                                                                                • Instruction Fuzzy Hash: B0916A72B08A4682EB148F15E860A7D77A2FF48B84F544135DA2D4B7E8CF3CE845D30A
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalInitializeSection
                                                                                                                                                                • String ID: Verdana$screen,desktop
                                                                                                                                                                • API String ID: 32694325-708148380
                                                                                                                                                                • Opcode ID: a704d51f6ec4d936ae99704e0a4c8c3dcefecf127bdd98c7c1e9518d0b54f3b9
                                                                                                                                                                • Instruction ID: bcccc15d7d5a0f23f6ffbc85191f87fd6676d2e2950c51f311e346c874dfe652
                                                                                                                                                                • Opcode Fuzzy Hash: a704d51f6ec4d936ae99704e0a4c8c3dcefecf127bdd98c7c1e9518d0b54f3b9
                                                                                                                                                                • Instruction Fuzzy Hash: D7B11832705B81AAE748CF25EA947A8B7A4F744B44F588129CB6D033A4DF38F1B5D709
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$CriticalSection$Select$EnterLeave$CompatibleCreateDeleteStock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1060921341-0
                                                                                                                                                                • Opcode ID: 4eb4a50a35d338c7aee3a90604c28e54e49379171f43b69627f5d4d089ebebc6
                                                                                                                                                                • Instruction ID: cf4724a21da5659d20f5f65d9b15fe24ed26503148ef4ca8a60f184971b3d05b
                                                                                                                                                                • Opcode Fuzzy Hash: 4eb4a50a35d338c7aee3a90604c28e54e49379171f43b69627f5d4d089ebebc6
                                                                                                                                                                • Instruction Fuzzy Hash: D4716B32718A8185EB20DF25E8A17EDB361FF84B84F404032DA6E47AA9DF3CD545D705
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFont$CapsDevice
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3852243758-0
                                                                                                                                                                • Opcode ID: 2b0721a7ca8733c8c25204a0ccb3bfc4e1a8ce0835b57d73567126ed290bc4f5
                                                                                                                                                                • Instruction ID: 29d1c71ce82ff10d4eb79c738baf75e4bfb1aca0bc274954bb776a4252754ed0
                                                                                                                                                                • Opcode Fuzzy Hash: 2b0721a7ca8733c8c25204a0ccb3bfc4e1a8ce0835b57d73567126ed290bc4f5
                                                                                                                                                                • Instruction Fuzzy Hash: 65519072A187C186E760CF15E850B6ABBA1FBD5784F145229EA9843BA8DF7CD0909F04
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$CtrlDestroyMessageParentSend
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2943902463-0
                                                                                                                                                                • Opcode ID: 34ee0642b3d6b810d2c4174601a9f1983ab3aaefe840b9835bc868b432316253
                                                                                                                                                                • Instruction ID: b5b8a8c749f8ee6c8ea11332e84f114093cd1e9180894304c92c9a86175538d6
                                                                                                                                                                • Opcode Fuzzy Hash: 34ee0642b3d6b810d2c4174601a9f1983ab3aaefe840b9835bc868b432316253
                                                                                                                                                                • Instruction Fuzzy Hash: 4E31AF32708B8582EB148F11E864A6AB3A5FF89BC0F144035DAAE077A8CF3CE845C705
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                • Opcode ID: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                • Instruction ID: 958d3e9d76a39c28fe7a680bde0982b8491fbf826a85b17907e8c4d2eeb140cb
                                                                                                                                                                • Opcode Fuzzy Hash: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                • Instruction Fuzzy Hash: 04119822F98A2315F7541118EC61B75F2436F98370E040A34FE7E0A6EE9E3E9940690A
                                                                                                                                                                APIs
                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FFDF8718E33,?,?,00000000,00007FFDF87190CE,?,?,?,?,?,00007FFDF871905A), ref: 00007FFDF87209D3
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDF8718E33,?,?,00000000,00007FFDF87190CE,?,?,?,?,?,00007FFDF871905A), ref: 00007FFDF87209F2
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDF8718E33,?,?,00000000,00007FFDF87190CE,?,?,?,?,?,00007FFDF871905A), ref: 00007FFDF8720A1A
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDF8718E33,?,?,00000000,00007FFDF87190CE,?,?,?,?,?,00007FFDF871905A), ref: 00007FFDF8720A2B
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FFDF8718E33,?,?,00000000,00007FFDF87190CE,?,?,?,?,?,00007FFDF871905A), ref: 00007FFDF8720A3C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                • Associated: 00000007.00000002.3649200891.00007FFDF8450000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649597766.00007FFDF875A000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649690618.00007FFDF8802000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649732088.00007FFDF8803000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649812910.00007FFDF8804000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649854311.00007FFDF8805000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649893545.00007FFDF8806000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649946216.00007FFDF8809000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3649982672.00007FFDF880F000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                • Associated: 00000007.00000002.3650085832.00007FFDF8813000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                • Opcode ID: e62a96ce5c66054e468777da1a202b7dd322e774ef89683629494ed3298c4153
                                                                                                                                                                • Instruction ID: bdda55d4ea371e981389477802996c1f14a274791ba669d0118e2791b094728c
                                                                                                                                                                • Opcode Fuzzy Hash: e62a96ce5c66054e468777da1a202b7dd322e774ef89683629494ed3298c4153
                                                                                                                                                                • Instruction Fuzzy Hash: 34116720F9828241FB9967216571AB9F1525F403B0F884734EC3D076DEEE6CF881AA1B
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3936042273-0
                                                                                                                                                                • Opcode ID: f4a88ab0ba66270a3e40166517e891bf6a7b9e251a01f98305efdc0af75f1a26
                                                                                                                                                                • Instruction ID: cdadfd8d9ee3e7e2d0b0f019e87f894c047619999b6ab14327bd82ab7bb99ddc
                                                                                                                                                                • Opcode Fuzzy Hash: f4a88ab0ba66270a3e40166517e891bf6a7b9e251a01f98305efdc0af75f1a26
                                                                                                                                                                • Instruction Fuzzy Hash: B4B12E22708B8186EB059B22E5242AD6792FB05BE4F484631DE7D07BC9CE7CD191E30A
                                                                                                                                                                APIs
                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FFDF8721CE8), ref: 00007FFDF8721E6B
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FFDF8721CE8), ref: 00007FFDF8721EF5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 953036326-0
                                                                                                                                                                • Opcode ID: 525c6090929db2b4d4d2276457ba9b185110b05c3e7155ea4d5178194210c406
                                                                                                                                                                • Instruction ID: 0ed86f5fa287672c3732976418e1a43bc93d8cc8cceef562170ecfdf8088babd
                                                                                                                                                                • Opcode Fuzzy Hash: 525c6090929db2b4d4d2276457ba9b185110b05c3e7155ea4d5178194210c406
                                                                                                                                                                • Instruction Fuzzy Hash: B5910622F5865285F750CB659460BBCB7A0FB44798F404136DE2E93ADCCF38E441EB2A
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2801635615-0
                                                                                                                                                                • Opcode ID: 7ce7ea57ec7f45ea88e4b2ef60821b6d780440ea6ce05309ecc210499ba82453
                                                                                                                                                                • Instruction ID: 1fdd4768d0567f481b473df817a9de292d5dfc09650d83863b60ab67cceeffb8
                                                                                                                                                                • Opcode Fuzzy Hash: 7ce7ea57ec7f45ea88e4b2ef60821b6d780440ea6ce05309ecc210499ba82453
                                                                                                                                                                • Instruction Fuzzy Hash: BD319C76B0A60586EB64CF15E964A6877A1FF44BD0F408031CF5E437A8CF38E89AD705
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$View$CloseCreateHandle$FlushMappingPointerSizeUnmap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3155271917-0
                                                                                                                                                                • Opcode ID: ecbef2459043b525bd7a320c3b1a5a764f1805ce84f071d7d5051efa6ab7ea54
                                                                                                                                                                • Instruction ID: 28b99f3c84db3d927ad4fe7b1d297d2948119e468eb27679167036bab7af9d7c
                                                                                                                                                                • Opcode Fuzzy Hash: ecbef2459043b525bd7a320c3b1a5a764f1805ce84f071d7d5051efa6ab7ea54
                                                                                                                                                                • Instruction Fuzzy Hash: 7531D432B05B4186E724CF25E455B6877A1EB88BA4F148234CAAE077CCCF3CD896D344
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FFDF84D1E70: GetStockObject.GDI32(?,?,?,00007FFDF84D3A01,?,?,?,?,?,?,00000000,00007FFDF848F5ED), ref: 00007FFDF84D1EA5
                                                                                                                                                                  • Part of subcall function 00007FFDF84D1E70: SelectObject.GDI32 ref: 00007FFDF84D1EB2
                                                                                                                                                                  • Part of subcall function 00007FFDF84D1E70: DeleteObject.GDI32 ref: 00007FFDF84D1EC0
                                                                                                                                                                  • Part of subcall function 00007FFDF84D1E70: GetStockObject.GDI32(?,?,?,00007FFDF84D3A01,?,?,?,?,?,?,00000000,00007FFDF848F5ED), ref: 00007FFDF84D1ECB
                                                                                                                                                                  • Part of subcall function 00007FFDF84D1E70: SelectObject.GDI32 ref: 00007FFDF84D1ED8
                                                                                                                                                                  • Part of subcall function 00007FFDF84D1E70: DeleteObject.GDI32 ref: 00007FFDF84D1EE6
                                                                                                                                                                  • Part of subcall function 00007FFDF84D1E70: RestoreDC.GDI32 ref: 00007FFDF84D1F17
                                                                                                                                                                • SelectObject.GDI32 ref: 00007FFDF84D3A6E
                                                                                                                                                                • GetStockObject.GDI32(?,?,?,?,?,?,00000000,00007FFDF848F5ED), ref: 00007FFDF84D3A79
                                                                                                                                                                • SelectObject.GDI32 ref: 00007FFDF84D3A85
                                                                                                                                                                • DeleteDC.GDI32 ref: 00007FFDF84D3A8E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                 • Associated: 00000007.00000002.3649200891.00007FFDF8450000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                 • Associated: 00000007.00000002.3649597766.00007FFDF875A000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                 • Associated: 00000007.00000002.3649690618.00007FFDF8802000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                 • Associated: 00000007.00000002.3649732088.00007FFDF8803000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                 • Associated: 00000007.00000002.3649812910.00007FFDF8804000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                 • Associated: 00000007.00000002.3649854311.00007FFDF8805000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                 • Associated: 00000007.00000002.3649893545.00007FFDF8806000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                 • Associated: 00000007.00000002.3649946216.00007FFDF8809000.00000008.00000001.01000000.00000013.sdmp
                                                                                                                                                                 • Associated: 00000007.00000002.3649982672.00007FFDF880F000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                 • Associated: 00000007.00000002.3650085832.00007FFDF8813000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Select$DeleteStock$Restore
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1104070528-0
                                                                                                                                                                • Opcode ID: eff816e2f254408a87cacc38f3f58e5f2d40c1e400b394b22ecf078e492a30ea
                                                                                                                                                                • Instruction ID: 0598524950b59269f876bf41f0a64f8e190d4dea15a7cb5b002dcd9352a65ef6
                                                                                                                                                                • Opcode Fuzzy Hash: eff816e2f254408a87cacc38f3f58e5f2d40c1e400b394b22ecf078e492a30ea
                                                                                                                                                                • Instruction Fuzzy Hash: F221D37AB49B8681DB00DB12E865A69B365FB89FC8F044032DE5E177A8CF3CD0469745
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3473537107-0
                                                                                                                                                                • Opcode ID: b79b0a6ecb46c96003dad4b9e107e9b99562151029deccb73a05b12182303294
                                                                                                                                                                • Instruction ID: a5364738841017adf42e6a33863380c60ebc4f34feb7880d43849094c7f66a04
                                                                                                                                                                • Opcode Fuzzy Hash: b79b0a6ecb46c96003dad4b9e107e9b99562151029deccb73a05b12182303294
                                                                                                                                                                • Instruction Fuzzy Hash: 8F010931B09B4281EB10CB16F46496973A1EF89BC4B145034DA6D4B7ADEF3CE591A705
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509C95
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: RtlLeaveCriticalSection.NTDLL ref: 00007FFDF8509CD6
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509CE8
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: RtlLeaveCriticalSection.NTDLL ref: 00007FFDF8509D1C
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: SetEvent.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509D34
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: Sleep.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509D3F
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00007FFDF8509E47,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509D9A
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00007FFDF8509E47,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509DAA
                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?,?,?,00007FFDF8509E47,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509DB4
                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?,?,?,00007FFDF8509E47,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509DBE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$CloseDeleteEnterHandleLeave$EventSleep
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 466394505-0
                                                                                                                                                                • Opcode ID: 0b947f7ed643c7f42ddc7bfd956eee3cd6c79ad2f279488b943882289052cbef
                                                                                                                                                                • Instruction ID: 90317b7ecc0dfe7f8f5c359723739e7ee0e94da15fbb407c49767e492421d479
                                                                                                                                                                • Opcode Fuzzy Hash: 0b947f7ed643c7f42ddc7bfd956eee3cd6c79ad2f279488b943882289052cbef
                                                                                                                                                                • Instruction Fuzzy Hash: C9115722B48A4682EB01DF25E4A9B397360EF84B94F184230DA2E473EDDE3DE445D346
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CapsDeviceRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 127614599-0
                                                                                                                                                                • Opcode ID: 5be1e2ee7d9a81fa17b284ba20b411867fd6f81ef933a2590a305a6a153334ed
                                                                                                                                                                • Instruction ID: 7c15846e06100f472237e0b110f803204c0ee063e7ce3224ddf3e6fce724d531
                                                                                                                                                                • Opcode Fuzzy Hash: 5be1e2ee7d9a81fa17b284ba20b411867fd6f81ef933a2590a305a6a153334ed
                                                                                                                                                                • Instruction Fuzzy Hash: E0012131B1860287E704CB15F461A767262EF84751F158038CA29476D8DF3DE8D2A709
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CapsDeviceRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 127614599-0
                                                                                                                                                                • Opcode ID: 1625ff2e856f10e3215f3475f18c0cda9def00bc986b4b7b17f96f3e245c4f11
                                                                                                                                                                • Instruction ID: e78eebf4489580c3564e340482c2252a92fcccf6219e247637590d17bdaff8c7
                                                                                                                                                                • Opcode Fuzzy Hash: 1625ff2e856f10e3215f3475f18c0cda9def00bc986b4b7b17f96f3e245c4f11
                                                                                                                                                                • Instruction Fuzzy Hash: 95018430B5860283E7048B01F461A767263EF84761F158038CA2947BD8DF3CE4C2A709
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CapsDeviceRelease
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 127614599-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocCurrentHookThreadValueWindows
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4130353779-0
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExclusiveLock$AcquireCriticalSection$EnterLeaveRelease
                                                                                                                                                                • String ID: htmlarea
                                                                                                                                                                • API String ID: 581408045-1618212067
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                                                                                • String ID: htmlarea
                                                                                                                                                                • API String ID: 3168844106-1618212067
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                • String ID: U
                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Stretch$BitsMode
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 661349847-3916222277
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FFDF845E203), ref: 00007FFDF84F6DCF
                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL ref: 00007FFDF84F6E05
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509C95
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: RtlLeaveCriticalSection.NTDLL ref: 00007FFDF8509CD6
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509CE8
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: RtlLeaveCriticalSection.NTDLL ref: 00007FFDF8509D1C
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: SetEvent.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509D34
                                                                                                                                                                  • Part of subcall function 00007FFDF8509C70: Sleep.KERNEL32(?,?,?,?,?,00007FFDF8509E39,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509D3F
                                                                                                                                                                  • Part of subcall function 00007FFDF8509D60: CloseHandle.KERNEL32(?,?,?,00007FFDF8509E47,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509D9A
                                                                                                                                                                  • Part of subcall function 00007FFDF8509D60: CloseHandle.KERNEL32(?,?,?,00007FFDF8509E47,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509DAA
                                                                                                                                                                  • Part of subcall function 00007FFDF8509D60: DeleteCriticalSection.KERNEL32(?,?,?,00007FFDF8509E47,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509DB4
                                                                                                                                                                  • Part of subcall function 00007FFDF8509D60: DeleteCriticalSection.KERNEL32(?,?,?,00007FFDF8509E47,?,?,?,?,?,00007FFDF84F65A0), ref: 00007FFDF8509DBE
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000002.3649252000.00007FFDF8451000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF8450000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_2_7ffdf8450000_instup.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeave$CloseDeleteHandle$EventSleep
                                                                                                                                                                • String ID: resource://blank
                                                                                                                                                                • API String ID: 1336082208-1841388455